ci: Keep setuptools-scm in sync across CI

[webknjaz]

• This PR fixes a bug in CI

Description of your changes

The patch makes sure that the same version of setuptools-scm is used by different packaging-related environments in the repository, including GHA and tox.

How can we test changes

Look at the CI status.

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• Chores
  • Updated CI to use constraints-based dependency installation for versioning tooling.
  • Added a locked constraints file to stabilize build dependencies.
  • Adjusted build tooling to respect the constraints during distribution builds.
  • Improves build determinism and consistency across environments with no impact on user-facing functionality.

Walkthrough

Introduces a pip constraints file for dist builds, updates the CI workflow to install setuptools-scm using that constraints file, and configures tox’s build-dists environment to pass the same constraints via PIP_CONSTRAINT. No application/runtime code changes.

Changes

Cohort / File(s)	Summary of changes
CI workflow .github/workflows/ci-cd.yml	Modified setuptools-scm installation in “Set up versioning prerequisites” to use an unconstrained spec with a constraints file (--constraint=dependencies/lock-files/dist-build-constraints.txt). Maintains setuptools_scm use to derive dist-version.
Build constraints dependencies/lock-files/dist-build-constraints.txt	Added autogenerated constraints lock file (Python 3.12) pinning packaging==24.1, setuptools-scm==8.1.0, and marking setuptools==73.0.0 under “unsafe” section.
Tox config tox.ini	Added set_env for [testenv:build-dists] to set PIP_CONSTRAINT to the new constraints file. No other tox commands changed.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Developer
  participant GH as GitHub Actions CI
  participant Pip as pip
  participant SCM as setuptools_scm

  Dev->>GH: Push/PR triggers workflow
  GH->>Pip: pip install setuptools-scm<br/>--constraint=dependencies/lock-files/dist-build-constraints.txt
  Pip-->>GH: Installed per constraints
  GH->>SCM: Compute version from Git
  SCM-->>GH: dist-version
  note over GH: Subsequent steps use computed version

Loading

sequenceDiagram
  autonumber
  participant Tox as tox [build-dists]
  participant Env as PIP (env)
  participant Pip as pip

  Tox->>Env: Set PIP_CONSTRAINT=dependencies/lock-files/dist-build-constraints.txt
  Tox->>Pip: Install build deps for dists
  Pip-->>Tox: Resolve/install per constraints
  note over Tox: Build distributions with constrained deps

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• antonbabenko
• yermulnik

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[Copilot]

Pull Request Overview

This PR ensures that the same version of setuptools-scm is used consistently across different packaging-related environments in the repository. The change introduces a shared constraint file to synchronize version dependencies between GitHub Actions and tox environments.

• Adds a new constraint file dist-build-constraints.txt with pinned versions of packaging-related dependencies
• Updates the GitHub Actions CI workflow to use the constraint file instead of a version range
• Configures tox to use the same constraint file via environment variables

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File	Description
dependencies/lock-files/dist-build-constraints.txt	New constraint file pinning setuptools-scm to version 8.1.0 and related dependencies
tox.ini	Adds environment variable to use the constraint file in tox packaging environments
.github/workflows/ci-cd.yml	Updates setuptools-scm installation to use constraint file instead of version range

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

dependencies/lock-files/dist-build-constraints.txt (1)

12-16: Keep “unsafe” setuptools pin only if needed.

Including setuptools in constraints is fine, but if you’re not intending to constrain it globally, consider dropping it from the compiled output to reduce accidental coupling. If you do want it constrained for builds, leave as-is.

tox.ini (2)

156-157: Optional: promote PIP_CONSTRAINT to [testenv] to cover future pip calls.

If any other env later installs build tooling (e.g., metadata-validation spawning an isolated env), consider setting PIP_CONSTRAINT at the [testenv] level to apply repo-wide, then override where not desired.

 [testenv]
 description = Run pytest under {envpython}
 dependency_groups =
   testing
+set_env =
+  PIP_CONSTRAINT = {toxinidir}{/}dependencies{/}lock-files{/}dist-build-constraints.txt
@@
 [testenv:build-dists]
-commands_post =
-package = skip
-set_env =
-  PIP_CONSTRAINT = {toxinidir}{/}dependencies{/}lock-files{/}dist-build-constraints.txt
+commands_post =
+package = skip

---

140-154: Consider logging resolved build-time tool versions for traceability.

Add a post-build echo of the setuptools-scm version that python -m build used (it inherits PIP_CONSTRAINT). This helps detect drift quickly.

 commands =
   {envpython} \
@@
     -m build \
       {posargs:}
+  {envpython} - <<'PY'
+import importlib, json
+mods = {m: importlib.import_module(m).__version__ for m in ("setuptools_scm","packaging")}
+print("build-tool-versions:", json.dumps(mods, sort_keys=True))
+PY

.github/workflows/ci-cd.yml (1)

188-194: Optional: surface versions to job logs for easier debugging.

Right after installing, print setuptools_scm and packaging versions to confirm constraints took effect.

     pip install
     --user
     setuptools-scm
     --constraint=dependencies/lock-files/dist-build-constraints.txt
+    && python - <<'PY'
+import importlib
+print("setuptools_scm:", importlib.import_module("setuptools_scm").__version__)
+print("packaging:", importlib.import_module("packaging").__version__)
+PY

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between acf85ff and af28394.

📒 Files selected for processing (3)

• .github/workflows/ci-cd.yml (1 hunks)
• dependencies/lock-files/dist-build-constraints.txt (1 hunks)
• tox.ini (1 hunks)

🧰 Additional context used

🪛 LanguageTool

dependencies/lock-files/dist-build-constraints.txt

[grammar] ~2-~2: There might be a mistake here.
Context: ...enerated by pip-compile with Python 3.12 # by the following command: # # tox r -...

(QB_NEW_EN)

---

[grammar] ~7-~7: There might be a mistake here.
Context: ...-compile-build-lock -- # packaging==24.1 # via setuptools-scm setuptools-scm==8.1...

(QB_NEW_EN)

---

[grammar] ~8-~8: There might be a mistake here.
Context: ...packaging==24.1 # via setuptools-scm setuptools-scm==8.1.0 # via awx-plug...

(QB_NEW_EN)

---

[grammar] ~9-~9: There might be a mistake here.
Context: ...via setuptools-scm setuptools-scm==8.1.0 # via awx-plugins-core (pyproject.toml::...

(QB_NEW_EN)

🔇 Additional comments (5)

dependencies/lock-files/dist-build-constraints.txt (2)

1-11: LGTM: constraints file added and wired for builds.

The pins look sane and the header documents the regeneration command.

---

2-10: No action needed: pinned dependencies support Python 3.13. packaging==24.1 explicitly lists Python 3.13 in its classifiers (pypi.org); setuptools-scm==8.1.0 declares “Requires: Python >=3.8,” which covers 3.13 (pypi.org).

tox.ini (1)

140-157: Good: propagate a single constraints source into dist builds.

Setting PIP_CONSTRAINT in build-dists keeps python -m build’s isolated env aligned with CI. Nice.

.github/workflows/ci-cd.yml (2)

188-194: Align GHA install with constraints: looks good.

Switching to unconstrained package name with --constraint ensures CI and tox use the same setuptools-scm version. Nice.

---

109-116: Minor: keep Python versions consistent with lock provenance.

You’re compiling the lock with Py3.12 but using Py3.13 here. That’s typically fine, but if you hit resolution issues on future updates, consider regenerating the lock under 3.13 or multi-Python constraints.

[antonbabenko]

This PR is included in version 1.100.1 🎉