ci(infra): check release dependency pins against PyPI (#38048)

Release PRs now get an earlier dependency-resolution check before merge,
catching unpublished intra-monorepo pins before they can produce broken
wheel metadata. The minimum-version helper also fails with a clear error
when no published PyPI version satisfies a declared constraint, instead
of emitting an invalid `pkg==None` requirement.
This commit is contained in:
Mason Daugherty
2026-06-10 21:03:51 -04:00
committed by GitHub
parent fcaa61636e
commit 5b029268f7
2 changed files with 130 additions and 0 deletions

View File

@@ -196,4 +196,20 @@ if __name__ == "__main__":
# Call the function to get the minimum versions
min_versions = get_min_version_from_toml(toml_file, versions_for, python_version)
# A `None` value means no *published* version on PyPI satisfies the declared
# constraint, e.g. a `release(...)` PR bumped a minimum pin to a version that
# has not shipped yet. Emitting `pkg==None` would be passed verbatim to
# `uv pip install` in the release workflow's minimum-version test step,
# producing a cryptic install failure, so fail loudly here instead.
unresolved = [lib for lib, version in min_versions.items() if version is None]
if unresolved:
print(
"ERROR: no published version on PyPI satisfies the declared constraint "
f"for: {', '.join(sorted(unresolved))}. A release likely pinned a "
"dependency to a version that is not yet published. Release the "
"dependency first, or relax the pin.",
file=sys.stderr,
)
sys.exit(1)
print(" ".join([f"{lib}=={version}" for lib, version in min_versions.items()]))