Skip to content

ci: commit uv.lock for reproducible CI; hold mypy <2.1#128

Merged
FBumann merged 3 commits into
mainfrom
fix/pin-mypy-below-2.1
Jun 29, 2026
Merged

ci: commit uv.lock for reproducible CI; hold mypy <2.1#128
FBumann merged 3 commits into
mainfrom
fix/pin-mypy-below-2.1

Conversation

@FBumann

@FBumann FBumann commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Problem

The Type check job fails on every open PR — including #126, a no-op actions/checkout bump that touches no Python:

numpy/__init__.pyi:737: error: Type statement is only supported in Python 3.12 and greater  [syntax]
mypy==2.1.0

uv.lock was gitignored and CI ran a bare uv sync (no --frozen), so every run re-resolved from scratch and silently picked up newly-released deps. mypy 2.1.0 now type-checks numpy's bundled stubs against python_version = "3.11" and errors on numpy's PEP 695 type statement (valid only on 3.12+). The break landed on unrelated PRs instead of where it belonged.

Fix

Make CI reproducible by committing the lockfile:

  • Track uv.lock (un-gitignored) and sync with --frozen in CI + docs. The whole dev/CI graph — including transitive deps like numpy — is now pinned. A dependency changes only when the lock diff changes, in a reviewable PR.
  • Dependabot bumps the lock (pipuv ecosystem). A breaking release now arrives as its own PR that fails CI loudly and gets held — never silently drifting onto a feature PR. Kept monthly (the lock removes the drift risk, so cadence is just churn-vs-granularity).
  • mypy bounded <2.1 as a documented hold (lift once the numpy-stub regression is fixed upstream). Lock resolves mypy to 2.0.0.
  • Runtime deps stay as ranges (this is a library — published constraints are unchanged; the lock is dev-only and never reaches downstream installs). nightly.yaml still floats --resolution lowest/highest to test the ranges.

Verified

uv sync --group dev --frozen + uv run mypy src/pytest_benchmem testsSuccess: no issues found in 25 source files; uv lock --check clean. Unblocks #127 and #126.

🤖 Generated with Claude Code

mypy 2.1.0 type-checks numpy's bundled stubs against python_version=3.11
and errors on numpy's PEP 695 `type` statement (valid only on 3.12+),
breaking the Type check job on every open PR (including no-op CI bumps).
Pin below 2.1 until the regression is resolved upstream.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@read-the-docs-community

read-the-docs-community Bot commented Jun 29, 2026

Copy link
Copy Markdown

Documentation build overview

📚 pytest-benchmem | 🛠️ Build #33352301 | 📁 Comparing e656efd against latest (96275d9)

  🔍 Preview build  

1 file changed
± compare-plot/index.html

FBumann and others added 2 commits June 29, 2026 11:14
Pin ruff/mypy/pre-commit to exact versions so CI (no committed lockfile)
is reproducible and dependency bumps arrive as reviewable dependabot PRs
instead of silent drift — which is how mypy 2.1.0 broke type-check on
unrelated PRs. mypy held at 2.0.0 (2.1.0 errors on numpy's PEP 695 stub
under python_version=3.11). Dependabot weekly -> monthly to cut churn.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Track uv.lock and sync with --frozen in CI/docs so the dev graph (incl.
transitive deps like numpy) is pinned and reproducible. A dependency now
changes only via a dependabot PR that runs CI — a breaking release fails
loudly there instead of drifting silently onto unrelated PRs, which is
how mypy 2.1.0 broke type-check. mypy bounded <2.1 as a documented hold
(2.1.0 errors on numpy's PEP 695 stub under python_version=3.11). Runtime
deps stay as ranges; nightly still floats --resolution to test them.
Dependabot pip->uv ecosystem (updates the lock), kept monthly.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@FBumann FBumann changed the title ci: pin mypy <2.1 to unblock type-check ci: commit uv.lock for reproducible CI; hold mypy <2.1 Jun 29, 2026
@FBumann FBumann enabled auto-merge (squash) June 29, 2026 09:29
@FBumann FBumann merged commit ae409aa into main Jun 29, 2026
14 checks passed
@FBumann FBumann deleted the fix/pin-mypy-below-2.1 branch June 29, 2026 09:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant