ci: Drop EOL Python 3.9 and macos-13

[MaxymVlasov]

Description of your changes

Deal with issues highlighted in #947

[Copilot]

Pull Request Overview

This PR removes support for the end-of-life Python 3.9 and updates the CI/CD configuration. However, there is a critical issue: the PR incorrectly references Python 3.14, which does not exist yet (the latest stable version as of November 2025 is Python 3.13).

Key Changes

• Updates minimum Python version from 3.9 to 3.10 across configuration files
• Modernizes type hints using Python 3.10+ pipe operator syntax (| instead of Union)
• Attempts to update CI test matrix to use Python 3.14 (which is incorrect)

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
pyproject.toml	Removes Python 3.9 classifier and updates minimum required version to 3.10
ruff.toml	Updates target version from py39 to py310
.mypy.ini	Updates python_version from 3.9 to 3.10
src/pre_commit_terraform/_types.py	Replaces Union[ReturnCode, int] with modern ReturnCode | int syntax compatible with Python 3.10+
.pre-commit-config.yaml	Updates MyPy hooks configuration - incorrectly changes from 3.13/3.11/3.9 to 3.14/3.12/3.10
.github/workflows/ci-cd.yml	Updates test matrix - incorrectly changes highest version from 3.13 to 3.14, replaces macos-13 with macos-15-intel

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[MaxymVlasov]

==> Could not verify signature. Please contact Codecov if problem continues
Exiting...

Must be a Cloudflare issue. Let's wait a day

[webknjaz]

Isn't this inherited from pyproject.toml's [project].requires-python?

[MaxymVlasov]

No idea

[webknjaz]

https://docs.astral.sh/ruff/configuration/#inferring-the-python-version

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• Chores
  • Updated minimum Python requirement from 3.9 to 3.10.
  • Added support for Python 3.14.
  • Dropped support for Python 3.9.
  • Updated CI/CD workflows, pre-commit hooks, and linting configuration to target updated Python versions.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Walkthrough

Updated project configuration and CI to target newer Python/macOS versions and modernized a type alias to PEP 604 union syntax. Changes touch CI workflow, linters/pre-commit, packaging metadata, and a single internal types file; no public API signatures were modified.

Changes

Cohort / File(s)	Summary
CI workflow .github/workflows/ci-cd.yml	Adjusted test matrix: removed Python 3.9, added Python 3.14 (moved 3.13 under other matrix section); replaced macOS runners macos-13/macos-14 with macos-15 and macos-15-intel.
Project metadata pyproject.toml	Bumped requires-python from ">= 3.9" to ">= 3.10"; removed Programming Language :: Python :: 3.9 classifier and added Programming Language :: Python :: 3.14.
Type checking configs / hooks .mypy.ini, .pre-commit-config.yaml	.mypy.ini: set python_version from 3.9 → 3.10. .pre-commit-config.yaml: bumped mypy hook targets and report paths (e.g., 3.13→3.14, 3.11→3.12, 3.9→3.10) — mechanical version/report path updates.
Linter config ruff.toml	Removed target-version = "py39" (and related comment); left other ruff settings unchanged.
Internal types src/pre_commit_terraform/_types.py	Replaced Union[...] usage with PEP 604 union syntax (`ReturnCode

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Mechanical, consistent version bumps across configs
• Single small, low-risk type syntax change
• Review attention: CI matrix changes and pyproject requires-python/classifiers; ensure CI runner availability and packaging metadata are intentional

Suggested labels

area/macOS

Suggested reviewers

• antonbabenko
• webknjaz
• yermulnik

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and accurately summarizes the main changes: dropping end-of-life Python 3.9 support and removing macos-13 from CI.
Description check	✅ Passed	The description references PR #947 and indicates the changes address issues highlighted there, which is relevant to the changeset's scope.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5b9ce17 and 34b3f5a.

📒 Files selected for processing (1)

• ruff.toml (0 hunks)

💤 Files with no reviewable changes (1)

• ruff.toml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)

• GitHub Check: 🧪 Tests / pytest@🐍3.10@macos-15-intel
• GitHub Check: 🧪 Tests / pytest@🐍3.12@macos-15
• GitHub Check: 🧪 Tests / pytest@🐍3.11@macos-15-intel
• GitHub Check: 🧪 Tests / pytest@🐍3.11@windows-2025
• GitHub Check: 🧪 Tests / pytest@🐍3.12@macos-15-intel
• GitHub Check: 🧪 Tests / pytest@🐍3.13@windows-2025
• GitHub Check: 🧪 Tests / pytest@🐍3.13@macos-15-intel
• GitHub Check: 🧪 Tests / pytest@🐍3.14@windows-2025
• GitHub Check: 🧹 Linters / pre-commit@🐍3.13@ubuntu-latest

Tip

📝 Customizable high-level summaries are now available in beta!

You can now customize how CodeRabbit generates the high-level summary in your pull requests — including its content, structure, tone, and formatting.

• Provide your own instructions using the high_level_summary_instructions setting.
• Format the summary however you like (bullet lists, tables, multi-section layouts, contributor stats, etc.).
• Use high_level_summary_in_walkthrough to move the summary from the description to the walkthrough section.

Example instruction:

"Divide the high-level summary into five sections:

1. 📝 Description — Summarize the main change in 50–60 words, explaining what was done.
2. 📓 References — List relevant issues, discussions, documentation, or related PRs.
3. 📦 Dependencies & Requirements — Mention any new/updated dependencies, environment variable changes, or configuration updates.
4. 📊 Contributor Summary — Include a Markdown table showing contributions:
   | Contributor | Lines Added | Lines Removed | Files Changed |
5. ✔️ Additional Notes — Add any extra reviewer context.
   Keep each section concise (under 200 words) and use bullet or numbered lists for clarity."

Note: This feature is currently in beta for Pro-tier users, and pricing will be announced later.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[webknjaz]

It might be a good idea to start pinning the additional deps in here. Both these and the repo version contribute to the cache key in pre-commit. And the cache in https://pre-commit.ci is effectively immportal. So when a new version of a dep like pytest is out, pre-commit.ci won't start using it until the cache key changes. That can happen when the repo version above changes or when something in this list of strings changes. This results in updating the repo version suddenly starting to use a different pytest version way later than its actual release happens. Having pins in here gives you better control over when the new versions are being picked up and so you'd see failures when you bump things in here instead of seeing failures at some point later, when the repo is getting bumped by the bot.

One project that can manage these is https://pypi.org/p/upadup.

[webknjaz]

Must be a Cloudflare issue. Let's wait a day

Yep, that's happening to all my CI runs. All the hosts behind their CDN return HTTP 500: https://cloudflarestatus.com.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 96.55%. Comparing base (3e855bb) to head (34b3f5a).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #948   +/-   ##
=======================================
  Coverage   96.55%   96.55%           
=======================================
  Files          10       10           
  Lines         261      261           
  Branches        7        7           
=======================================
  Hits          252      252           
  Misses          9        9           

Flag	Coverage Δ
CI-GHA	96.55% <100.00%> (ø)
MyPy	91.47% <100.00%> (ø)
OS-Linux	96.55% <100.00%> (ø)
OS-Windows	100.00% <100.00%> (ø)
OS-macOS	100.00% <100.00%> (ø)
Py-3.10.11	100.00% <100.00%> (ø)
Py-3.10.18	?
Py-3.10.19	100.00% <100.00%> (ø)
Py-3.11.13	?
Py-3.11.14	100.00% <100.00%> (ø)
Py-3.11.9	100.00% <100.00%> (ø)
Py-3.12.10	100.00% <100.00%> (ø)
Py-3.12.11	?
Py-3.12.12	100.00% <100.00%> (ø)
Py-3.13.7	?
Py-3.13.8	?
Py-3.13.9	96.55% <100.00%> (ø)
Py-3.14.0	100.00% <100.00%> (?)
Py-3.9.13	?
Py-3.9.23	?
Py-3.9.24	?
Py-3.9.25	?
VM-macos-13	?
VM-macos-14	?
VM-macos-15	100.00% <100.00%> (?)
VM-macos-15-intel	100.00% <100.00%> (?)
VM-ubuntu-24.04	100.00% <100.00%> (ø)
VM-ubuntu-latest	91.47% <100.00%> (ø)
VM-windows-2025	100.00% <100.00%> (ø)
pytest	100.00% <100.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[antonbabenko]

This PR is included in version 1.104.0 🎉