ci(jans-cedarling): upgrade python version

[SafinWasi]

Prepare

• Read PR guidelines
• Read license information

---

Description

Target issue

closes #13193

Implementation Details

---

Test and Document the changes

• Static code analysis has been run locally and issues have been fixed
• Relevant unit and integration tests have been added/updated
• Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

• I confirm that there is no impact on the docs due to the code changes in this PR.

Summary by CodeRabbit

• Chores
  • Upgraded runtime and build environment to Python 3.11, including container base image.
  • Updated packaging and install references to the Python 3.11 wheel and its download URL.
  • Adjusted project metadata to require Python ^3.11.
  • Updated CI/test configuration to run under Python 3.11 and applied minor test command formatting.

[mo-auto]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[coderabbitai]

📝 Walkthrough

Walkthrough

Updates Python runtime from 3.10 to 3.11 across the flask-sidecar: Dockerfile base image and wheel filenames, pyproject.toml Python constraint, tox.ini test environment, and CI package build/signing matrix.

Changes

Cohort / File(s)	Summary
Runtime & packaging jans-cedarling/flask-sidecar/Dockerfile	Bumped base image to python:3.11.14-slim-trixie; switched cedarling wheel filenames and download URL from cp310-cp310-* to cp311-cp311-*; updated poetry add invocation to use cp311 wheel.
Project metadata jans-cedarling/flask-sidecar/pyproject.toml	Updated [tool.poetry.dependencies].python constraint from ^3.10 → ^3.11.
Test config jans-cedarling/flask-sidecar/tox.ini	Changed tox env from py310 → py311; minor formatting tweak in pytest command.
CI workflow .github/workflows/build-packages.yml	Removed Python 3.10 wheel build/signing; CI now builds and signs only the Python 3.11 (cp311) wheel and uploads that artifact.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title accurately reflects the main change: upgrading Python version for the jans-cedarling sidecar from 3.10 to 3.11 across all relevant files and CI/CD configurations.
Description check	✅ Passed	The PR description follows the template structure with completed checklist items, a linked issue reference (#13193), and confirmation of no documentation impact.
Linked Issues check	✅ Passed	The PR successfully implements the primary objective from #13193: upgrading the sidecar's Python runtime from 3.10 to 3.11 across Dockerfile, pyproject.toml, tox.ini, and build workflow.
Out of Scope Changes check	✅ Passed	All code changes are directly related to the Python 3.10 to 3.11 upgrade objective: no unrelated or out-of-scope modifications are present.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ci-sidecar-upgrade-python

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@jans-cedarling/flask-sidecar/Dockerfile`:
- Line 57: The Dockerfile uses an unquoted command substitution elsewhere (e.g.,
the wget/poetry invocations around the cedarling wheel), which can cause
word-splitting; fix by wrapping any $(...) command substitutions in double
quotes (e.g., change $(some-command) to "$(some-command)") for the wget/poetry
add lines and any other occurrences so the expanded value is treated as a single
argument.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

jans-cedarling/flask-sidecar/Dockerfile (2)

76-76: 🧹 Nitpick | 🔵 Trivial

Consider adding a HEALTHCHECK instruction.

Static analysis (Checkov CKV_DOCKER_2, Trivy DS026) flags the missing HEALTHCHECK. Since curl is already installed, a simple check would improve orchestrator-level health monitoring.

💡 Example HEALTHCHECK

 EXPOSE 5000
+HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
+    CMD curl -f http://localhost:5000/ || exit 1

Adjust the endpoint to an appropriate health/readiness path if one exists.

---

53-54: 🧹 Nitpick | 🔵 Trivial

Pre-existing: version regex is fragile.

The sed pattern on line 53 uses unescaped . (matches any char) and only handles single-digit version components (e.g., 1.0.0 but not 1.10.0). Not introduced by this PR, but worth hardening if you're already touching this file.

💡 Suggested regex improvement

-        && version=$(sed -n 's/.*version = "\([0-9].[0-9].[0-9]\)"/\1/p' Cargo.toml) \
+        && version=$(sed -n 's/.*version = "\([0-9]\+\.[0-9]\+\.[0-9]\+\)"/\1/p' Cargo.toml) \

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/build-packages.yml (1)

540-545: ⚠️ Potential issue | 🟠 Major

Add python-version: '3.11' to the setup-python action.

Line 540 invokes actions/setup-python without a python-version input. On ubuntu-22.04 runners, this defaults to Python 3.10 on PATH. However, line 545 passes -i python3.11 to maturin, which requires the python3.11 interpreter to be available. Without an explicit version, the build will fail to find python3.11.

Proposed fix

     - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      with:
+        python-version: '3.11'
     - uses: PyO3/maturin-action@86b9d133d34bc1b40018696f782949dac11bd380 # v1.49.4