Skip to content

[codex] harden dependency pin guard#292

Merged
Pigbibi merged 1 commit into
mainfrom
codex/harden-dependency-pin-guard-20260703
Jul 3, 2026
Merged

[codex] harden dependency pin guard#292
Pigbibi merged 1 commit into
mainfrom
codex/harden-dependency-pin-guard-20260703

Conversation

@Pigbibi

@Pigbibi Pigbibi commented Jul 3, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • expand the dependency pin guard from QPK-only checks to all QuantStrategyLab direct git refs
  • include constraints*.txt in the scanned dependency files
  • make the CI pin guard blocking where it was previously continue-on-error
  • add regression coverage for constraints scanning, blocking CI, and internal pin drift detection

Why

A deployment can fail when requirements.txt and constraints.txt carry different git refs for the same internal package. This hardens CI so that drift is caught before Docker/Cloud Run deploy.

Validation

  • python3 scripts/check_qpk_pin_consistency.py
  • python3 -m pytest -q tests/test_dependency_pin_guard.py
  • actionlint .github/workflows/ci.yml
  • git diff --check

Co-Authored-By: Codex <noreply@openai.com>
@Pigbibi Pigbibi merged commit 6119cef into main Jul 3, 2026
2 checks passed
@Pigbibi Pigbibi deleted the codex/harden-dependency-pin-guard-20260703 branch July 3, 2026 05:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant