Skip to content

research: version-pinning design review — exact pins vs daily release #118

Description

@Jammy2211

Overview

The PyAuto stack pins one exact version string across every library and workspace: __version__ is duplicated in each library's __init__.py, and autoconf.check_version() hard-fails a user's import when the workspace's recorded version disagrees with the installed library. The motivation (stop users pairing a wrong source/workspace combination) is sound, but the check often breaks for legitimate users, the version string is smeared across code and workspaces, and accidentally released versions (later yanked from PyPI) may still linger in source. This task is a design review: assess whether the high-level design makes sense, and how it should interact with the daily automated release about to be reinstated in rehearsal mode.

Autonomy: --auto launch, effective level supervised (research cap). Plan recorded here per the autonomy contract; the run proceeds and judgment forks come back as batched questions on this issue. Deliverable is a report on this issue — no code changes, no PR.

Plan

  • Map the current pinned-version mechanism end-to-end: library __version__ duplication, the autoconf workspace check, workspace version records, and how the release pipeline stamps them.
  • GitHub archaeology: find the accidentally released versions and the PyPI-yank issue; check whether those version strings still linger in source or tags.
  • Catalogue the user-facing failure modes of the exact-match check from issue history.
  • Assess the high-level design against alternatives (compatible-range checks, warn-vs-fail, single-source-of-truth versioning).
  • Assess the interaction with the reinstated daily release rehearsal (PyAutoBuild release.yml → TestPyPI, then real PyPI).
  • Write the design review + recommendation to this issue and propose follow-up prompts for any concrete changes.
Detailed implementation plan

Affected Repositories

  • PyAutoBuild (primary — owns release stamping and the reinstated daily release)
  • Read-only survey across PyAutoConf, PyAutoFit, PyAutoArray, PyAutoGalaxy, PyAutoLens and the three user workspaces

Branch Survey

Repository Current Branch Dirty?
./PyAutoBuild main clean

Suggested branch: none — research-only, no code edits; deliverable is the report on this issue.

Implementation Steps

  1. Mechanism survey. Document the full pinning pipeline: __version__ = "2026.7.6.649" duplicated in PyAutoConf/autoconf/__init__.py, PyAutoFit/autofit/__init__.py, PyAutoArray/autoarray/__init__.py, PyAutoGalaxy/autogalaxy/__init__.py, PyAutoLens/autolens/__init__.py; check_version() in PyAutoConf/autoconf/workspace.py (hard WorkspaceVersionMismatchError, config/general.yaml version.workspace_version precedence over legacy version.txt, the two bypass paths); setup.py reading VERSION from the environment; how PyAutoBuild release.yml rewrites all of these plus the workspace side at release time; how sibling-library dependency versions are (or are not) pinned in packaging metadata.
  2. Archaeology. gh search issues/PR history for the yank incident; enumerate published versions per package via the PyPI JSON API and git tags; identify the accidental versions and grep current source for lingering occurrences.
  3. Failure modes. Search library/workspace issue trackers for WorkspaceVersionMismatchError / version-mismatch reports; classify why the check fires on legitimate users (main-branch clones, partial upgrades, copy-pasted scripts, conda/pip skew).
  4. Design assessment. Weigh exact-match hard-fail against alternatives: warn instead of raise; compatible-range (date-window or minor-series) matching; deriving the version from package metadata (importlib.metadata) instead of hand-stamped __init__.py strings; single source of truth for the stack version; whether the five-way duplication is load-bearing or incidental.
  5. Daily-release interaction. With a weekday release cadence returning (rehearsal → TestPyPI first), assess how exact pinning behaves: how stale a user workspace can be after one day, whether daily stamping amplifies mismatch frequency, what the rehearsal-mode stamping must NOT touch, and what invariants the release pipeline needs so an accidental publish can't happen silently again.
  6. Report. Post the design review to this issue: current-state map, incident findings, failure-mode catalogue, recommendation (keep / adjust / replace), and proposed follow-up Mind prompts for any concrete changes.

Key Files

  • PyAutoConf/autoconf/workspace.pycheck_version, WorkspaceVersionMismatchError, bypasses
  • PyAuto{Conf,Fit,Array,Galaxy,Lens}/<pkg>/__init__.py — duplicated __version__ stamps
  • PyAutoBuild/.github/workflows/release.yml — daily release + rehearsal mode (currently paused)
  • workspace config/general.yamlversion.workspace_version, workspace_version_check
  • */setup.pyVERSION env-var wiring

Worktree root

None — research-only task, no worktree.

Original Prompt

Click to expand starting prompt

We have this API which pins version numbers throughout the source code, with the motivation being it stops users from pairing a wrong version of the source code with the workspace. I think this is a good design, albeit it often breaks for users, and it means we have this version number throughout the code and workspace. We also ran into issues with me accidentally releasing some versions which I think are still in the source code — look at the GitHub history to find them, there was an issue about yanking their PyPIs. Can you review and assess if this high level design makes sense or if we can do it better? Also consider how we will basically have nightly build + release reinstated soon.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions