Skip to content

Fix red CI: re-lock uv.lock to 0.8.6 + drop broken npm Dependabot stanza#13

Merged
christopherarter merged 3 commits into
mainfrom
fix/ci-stale-lockfile
Jun 1, 2026
Merged

Fix red CI: re-lock uv.lock to 0.8.6 + drop broken npm Dependabot stanza#13
christopherarter merged 3 commits into
mainfrom
fix/ci-stale-lockfile

Conversation

@christopherarter

Copy link
Copy Markdown
Contributor

Why CI is red

main has been failing CI since v0.8.6. The first CI step, uv sync --locked --all-extras, hard-fails:

The lockfile at `uv.lock` needs to be updated, but `--locked` was provided.
##[error]Process completed with exit code 1.

The Release v0.8.6 commit (625a415) bumped the version in pyproject.toml, plugin.json, marketplace.json, and src/bully/__init__.py — but never re-ran uv lock, so the committed uv.lock still pinned the editable bully package at 0.8.5. Since 721a16d switched CI to uv sync --locked, that one-line mismatch turns the whole pipeline red. Every branch cut from main (including the open Dependabot PRs) inherits the failure.

Separately, the weekly npm Dependabot job errors on every run with dependency_file_not_found: /package.json not found — there is no root package.json, and Dependabot hard-errors instead of no-op'ing on a missing manifest.

What this PR changes

  1. Re-lock uv.lock to 0.8.6 — the actual CI fix. One-line lock diff; uv lock --check confirms in-sync.
  2. Drop the npm ecosystem from .github/dependabot.yml — stops the recurring failed Dependabot job; comment records the why for whoever adds node tooling.
  3. Fix the release-bully skill (recurrence prevention) — add a uv lock step + include uv.lock in the release commit, and correct the stale pipeline/pipeline.pysrc/bully/__init__.py version-field path.

Verification

All six CI steps pass locally on this branch:

  • uv sync --locked --all-extras
  • ruff check ✓ · ruff format --check ✓ (99 files) · shellcheck
  • pytest -q442 passed, 1 skipped
  • bully dogfood ✓ (exit 0)

Follow-up (after merge)

The 3 open Dependabot PRs (#10 checkout v6, #11 shellcheck-py, #12 ruff-pre-commit) are red only because of the stale lock they inherited — none has an independent problem (the pre-commit bumps don't even touch ci.yml). Once this merges, @dependabot rebase each to pick up the fixed lock; they should go green.

🤖 Generated with Claude Code

christopherarter and others added 3 commits June 1, 2026 10:58
The Release v0.8.6 commit (625a415) bumped the version in pyproject.toml,
plugin.json, marketplace.json, and src/bully/__init__.py but never re-ran
`uv lock`, so the committed uv.lock still pinned the editable bully package at
0.8.5. Since 721a16d switched CI to `uv sync --locked --all-extras`, that
version mismatch hard-fails the first CI step ("The lockfile at `uv.lock` needs
to be updated, but `--locked` was provided"), turning main red since v0.8.6.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The npm stanza was added on the assumption it would be a harmless no-op until a
package.json lands, but Dependabot hard-errors on a missing manifest
("dependency_file_not_found: /package.json not found") and reports the whole
update job as failed on every weekly run. There is no root package.json, so
remove the stanza; the comment now records the why for whoever adds node tooling.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Prevents the v0.8.6 CI breakage from recurring. The release workflow bumped the
version in five files but never re-ran `uv lock`, leaving the editable bully
package stale in uv.lock and failing CI's `uv sync --locked`. Add an explicit
`uv lock` step in §3, include uv.lock in the §6 release commit and §5 verify
diff, and add a common-mistakes row. Also correct the version-field path from
the pre-restructure `pipeline/pipeline.py` to `src/bully/__init__.py` (where
BULLY_VERSION now lives) in the table, both grep commands, and the §3 step.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@christopherarter christopherarter merged commit 2a1b7b8 into main Jun 1, 2026
2 checks passed
@christopherarter christopherarter deleted the fix/ci-stale-lockfile branch June 1, 2026 15:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant