ci: pin dependencies to uv.lock for deterministic CI#259
Merged
Conversation
CI installed `-e '.[dev]'` which ignores uv.lock and resolves the newest versions each run, causing recurring flakiness unrelated to code changes: - newer faiss-cpu/mypy surfaced type errors (fixed in #254) - newer litellm (1.88.x) intermittently triggers OpenAI 431 "Request headers are too large" on large-payload calls Pin every dependency to uv.lock so CI is reproducible: - Add a "Generate locked constraints" step (`uv export --locked ...`) and install with `--constraint`, in both the lint and tests jobs. `--locked` also guards that uv.lock stays in sync with pyproject.toml. - Regenerate uv.lock so it matches pyproject again: gepa moves from the old git source to PyPI 0.1.1 (the lock was stale after #256), and the project version syncs to 1.2.1. litellm stays pinned at the known-good 1.80.0. Verified locally with the pinned set (litellm 1.80.0, mypy 1.18.2, faiss-cpu 1.13.0): `uv export --locked` + `uv pip install -e '.[dev]' --constraint` + ruff + mypy all pass; lotus imports cleanly. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Purpose
Make CI deterministic by pinning all dependencies to
uv.lock. CI installed-e '.[dev]', which ignoresuv.lockand resolves the newest versions every run — the root cause of recurring, code-unrelated flakiness:faiss-cpu/mypysurfaced type errors (fixed reactively in Fix mypy errors from dependency drift (unblock CI) #254)litellm(1.88.x) intermittently triggers OpenAI 431 "Request headers are too large" on large-payload calls (test_filter_cascade,test_sem_agg_document_long_context, multimodality) — a different test fails each runChanges
uv export --locked --no-emit-project --no-hashes --all-extras -o /tmp/constraints.txt) and install with--constraintin both the lint and tests jobs.--lockedalso guards thatuv.lockstays in sync withpyproject.toml.uv.lockso it matchespyproject.tomlagain:gepamoves from the old git source to PyPI0.1.1(the lock went stale after Fix PyPI publish: use gepa from PyPI instead of git URL #256), and the project version syncs to1.2.1. litellm stays pinned at the known-good 1.80.0 (below the 1.88.x that 431s). The large lockfile diff is mostlyupload-timemetadata added by the neweruv.Test Plan / Results
Local, with the exact pinned set (litellm 1.80.0, mypy 1.18.2, faiss-cpu 1.13.0, ruff 0.14.5):
The OpenAI 431 is server-side/transient; pinning to litellm 1.80.0 is the best in-repo mitigation. CI on this PR is the live confirmation.
Type of Change