Skip to content

Pin pipenv in CI via ensure-pipenv and regenerate lock#2251

Draft
ideaship wants to merge 1 commit intomainfrom
fix-pin-pipenv
Draft

Pin pipenv in CI via ensure-pipenv and regenerate lock#2251
ideaship wants to merge 1 commit intomainfrom
fix-pin-pipenv

Conversation

@ideaship
Copy link
Copy Markdown
Contributor

@ideaship ideaship commented May 4, 2026

Summary

  • Switches pre.yml to the ensure-pipenv role from osism/zuul-jobs
    (after ensure-pip), following the same pattern as Pin pipenv in CI via ensure-pipenv and regenerate lock netbox-manager#235
  • Removes pipenv from the apt package list (Debian Bookworm ships
    2022.12.19, which has incompatible hash semantics with current pipenv)
  • Updates test-setup.yml and test-unit.yml to invoke pipenv as
    {{ python_venv_dir }}/bin/pipenv (/tmp/venv/bin/pipenv)
  • Adds --deploy to pipenv install --dev in test-unit.yml for
    strict lock-file verification on every run
  • Regenerates Pipfile.lock with pipenv 2026.5.2 to resolve the hash
    mismatch introduced by PEP 503 name normalization in pipenv 2026.4.0;
    incidental lock bumps: pytz 2026.1.post1 → 2026.2, wcwidth 0.6.0 → 0.7.0

Dependency

Requires osism/zuul-jobs#182 (ensure-pipenv role) to be merged first.

Test plan

  • Verify Zuul unit-test and test-setup jobs pass with pinned pipenv
  • Verify pipenv install --dev --deploy no longer reports stale lock locally

🤖 AI-assisted: Claude Code

@ideaship
Pin pipenv in CI via ensure-pipenv and regenerate lock
a0364c7 
Switch pre.yml to the ensure-pipenv role from osism/zuul-jobs
(after ensure-pip), following the same pattern established in
osism/netbox-manager#235.  Remove the system pipenv package (Debian
Bookworm ships 2022.12.19) which has incompatible hash semantics with
current pipenv releases.

Update test-setup.yml and test-unit.yml to invoke pipenv as
{{ python_venv_dir }}/bin/pipenv (/tmp/venv/bin/pipenv), consistent
with the python_venv_dir already set in pre.yml.  Add --deploy to
the pipenv install --dev call in test-unit.yml so the lock file is
verified strictly on every run.

Regenerate Pipfile.lock with pipenv 2026.5.2 (the version pinned by
the ensure-pipenv role).  pipenv 2026.4.0 introduced PEP 503 name
normalization before hashing, causing hash mismatches when the old
Debian-packaged pipenv generated the lock but a newer pipenv consumed
it.  The regenerated lock picks up incidental version bumps in pytz
(2026.1.post1 → 2026.2) and wcwidth (0.6.0 → 0.7.0).

Requires the ensure-pipenv role to be merged in osism/zuul-jobs first.

AI-assisted: Claude Code
Signed-off-by: Roger Luethi <luethi@osism.tech>
@ideaship ideaship marked this pull request as draft May 4, 2026 14:17
sourcery-ai[bot]
sourcery-ai Bot reviewed May 4, 2026
View reviewed changes
Copy link
Copy Markdown

@sourcery-ai sourcery-ai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've left some high level feedback:

  • You now define python_venv_dir: /tmp/venv separately in both test-unit.yml and test-setup.yml; consider centralizing this (e.g., via a group_var, role var, or reusing the variable exposed by ensure-pipenv) so the virtualenv path stays consistent in one place.
  • Since you're calling ensure-pipenv, it would be good to align the hardcoded {{ python_venv_dir }}/bin/pipenv path with whatever path that role actually provisions (or parameterize it), to avoid subtle breakage if the role’s default venv location changes.
Prompt for AI Agents 
Please address the comments from this code review:

## Overall Comments
- You now define `python_venv_dir: /tmp/venv` separately in both `test-unit.yml` and `test-setup.yml`; consider centralizing this (e.g., via a group_var, role var, or reusing the variable exposed by `ensure-pipenv`) so the virtualenv path stays consistent in one place.
- Since you're calling `ensure-pipenv`, it would be good to align the hardcoded `{{ python_venv_dir }}/bin/pipenv` path with whatever path that role actually provisions (or parameterize it), to avoid subtle breakage if the role’s default venv location changes.
Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@ideaship ideaship requested a review from berendt May 4, 2026 14:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

@berendt berendt Awaiting requested review from berendt

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ideaship