Skip to content

Extend PyPI-proxy lock check to *.py.lock#5830

Open
janniklasrose wants to merge 1 commit into
mainfrom
janniklasrose/proxy-py-lock
Open

Extend PyPI-proxy lock check to *.py.lock#5830
janniklasrose wants to merge 1 commit into
mainfrom
janniklasrose/proxy-py-lock

Conversation

@janniklasrose

@janniklasrose janniklasrose commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Changes

Similar to #5800 (which added check-uv-lock for *uv.lock), extend the backstop to *.py.lock and rename it to check-lockfiles. It fails if an internal *.databricks.com PyPI proxy URL leaks into a committed lock's source.registry, so task checks (and CI via check.yml) surfaces the violation — no local git hook required.

internal/genkit/tagging.py.lock already carried pypi-proxy.cloud.databricks.com URLs, so this normalizes them back to pypi.org. The proxy is a transparent pypi.org mirror (identical artifact URLs and hashes), so only source.registry lines change.

Why

#5800 only handled the uv.lock case; *.py.lock (currently just tagging.py.lock) was left uncovered and had been carrying proxy URLs since it was introduced.

Note: unlike the pydabs-codegen task for *uv.lock, the generate-clijson task does not yet revert this churn, so regenerating tagging.py.lock will trip the check until a follow-up adds the rewrite. This is called out in the task comment.

Tests

task check-lockfiles passes with the fix and fails (exit 1) when the proxy URL is present. task checks runs green.

This PR was written by Isaac, an AI coding agent.

Broaden the check-uv-lock backstop (added in #5800 for *uv.lock) to also
cover *.py.lock, and rename it to check-lockfiles. It fails if an internal
*.databricks.com PyPI proxy URL leaks into a committed lock's
source.registry, so `task checks` (and CI, via check.yml) surfaces the
violation without relying on a local git hook.

internal/genkit/tagging.py.lock already carried proxy URLs, so normalize
them back to pypi.org to keep the check (and main) green. The proxy is a
transparent pypi.org mirror, so only source.registry changes.

Unlike pydabs-codegen for *uv.lock, generate-clijson does not yet revert
this churn, so regenerating tagging.py.lock will trip the check until a
follow-up adds the rewrite. Noted in the task comment.

Co-authored-by: Isaac
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Approval status: pending

/internal/ - needs approval

Files: internal/genkit/tagging.py.lock
Suggested: @rauchy
Also eligible: @simonfaltum, @renaudhartert-db, @hectorcast-db, @parthban-db, @tanmay-db, @Divyansh-db, @tejaskochar-db, @mihaimitrea-db, @chrisst

General files (require maintainer)

Files: Taskfile.yml
Based on git history:

  • @pietern -- recent work in ./

Any maintainer (@andrewnester, @anton-107, @denik, @pietern, @shreyas-goenka, @simonfaltum, @renaudhartert-db) can approve all areas.
See OWNERS for ownership rules.

@eng-dev-ecosystem-bot

Copy link
Copy Markdown
Collaborator

Integration test report

Commit: 0bf2d66

Run: 28666645973

Env 🔄​flaky 💚​RECOVERED 🙈​SKIP ✅​pass 🙈​skip Time
💚​ aws linux 4 15 230 1045 3:52
💚​ aws windows 4 15 232 1043 3:54
🔄​ aws-ucws linux 4 4 15 310 963 5:50
🔄​ aws-ucws windows 1 4 15 315 961 4:13
💚​ azure linux 4 15 230 1044 4:15
💚​ azure windows 4 15 232 1042 3:57
💚​ azure-ucws linux 4 15 316 960 6:58
💚​ azure-ucws windows 4 15 318 958 4:08
💚​ gcp linux 4 15 229 1046 3:48
💚​ gcp windows 4 15 231 1044 3:36
24 interesting tests: 15 SKIP, 5 flaky, 4 RECOVERED
Test Name aws linux aws windows aws-ucws linux aws-ucws windows azure linux azure windows azure-ucws linux azure-ucws windows gcp linux gcp windows
💚​ TestAccept 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R
🙈​ TestAccept/bundle/invariant/no_drift 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/permissions 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/recreate 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/replace_existing 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/update_protected 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/without_branch_id 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_endpoints/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_projects/update_display_name 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/synced_database_tables/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/vector_search_endpoints/drift/recreated_same_name 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/vector_search_indexes/recreate/embedding_dimension 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/ssh/connection 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🔄​ TestClustersGet ✅​p ✅​p ✅​p 🔄​f ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p
🔄​ TestFsLsForNonexistingDir ✅​p ✅​p 🔄​f ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p
🔄​ TestFsLsForNonexistingDir/dbfs ✅​p ✅​p 🔄​f ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p
🔄​ TestFsMkdir ✅​p ✅​p 🔄​f ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p
🔄​ TestFsMkdir/uc-volumes 🙈​s 🙈​s 🔄​f ✅​p 🙈​s 🙈​s ✅​p ✅​p 🙈​s 🙈​s
💚​ TestFetchRepositoryInfoAPI_FromRepo 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R
💚​ TestFetchRepositoryInfoAPI_FromRepo/root 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R
💚​ TestFetchRepositoryInfoAPI_FromRepo/subdir 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R
Top 5 slowest tests (at least 2 minutes):
duration env testname
3:05 aws windows TestAccept
3:02 azure windows TestAccept
2:59 aws-ucws windows TestAccept
2:50 gcp windows TestAccept
2:42 azure-ucws windows TestAccept

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants