chore: pin all Python dependency versions in requirements.txt (#76) #77

Merged
cal merged 1 commits from ai/major-domo-v2-76 into main 2026-03-10 14:05:49 +00:00
Collaborator

Summary

Fixes #76. Pins all floor-constrained Python dependencies to exact versions and separates dev/test tools from the production Docker image.

Changes

requirements.txt (production runtime — used by Dockerfile)

  • redis>=5.0.0 → redis==7.3.0
  • Removed dev/test tools (pytest, pytest-asyncio, pytest-mock, aioresponses, black, ruff) — these were never needed in the production image

requirements-dev.txt (new file — local dev and CI testing)

  • Starts with -r requirements.txt to include all production deps
  • Pins previously floor-constrained tools:
    • pytest-mock>=3.10.0 → pytest-mock==3.15.1
    • black>=23.0.0 → black==26.1.0
    • ruff>=0.1.0 → ruff==0.15.0
  • Already-pinned test deps retained: pytest==8.4.1, pytest-asyncio==1.0.0, aioresponses==0.7.8

CLAUDE.md

  • Added Dependencies section documenting the pinning policy
  • Documents that pip install -r requirements-dev.txt is required for local dev/testing
  • Explicitly prohibits >= and ~= constraints

Test Results

930 passed, 3 skipped in 4.33s

Note for deployers

To run tests locally after this change:

pip install -r requirements-dev.txt
python -m pytest --tb=short -q

The Dockerfile is unchanged — it still installs only requirements.txt, which is now cleaner (production deps only).

Claude added 1 commit 2026-03-10 06:03:51 +00:00
chore: pin all Python dependency versions in requirements.txt (#76)
All checks were successful
Build Docker Image / build (pull_request) Successful in 2m58s
88edd1fa10
- Pin redis==7.3.0 and move to requirements.txt (production)
- Create requirements-dev.txt with all dev/test deps pinned to exact versions
  (pytest-mock==3.15.1, black==26.1.0, ruff==0.15.0)
- Remove dev/test tools from requirements.txt (not needed in Docker image)
- Document pinning policy and requirements-dev.txt usage in CLAUDE.md

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude added the
ai-reviewing
label 2026-03-10 06:15:48 +00:00
Claude reviewed 2026-03-10 06:17:42 +00:00
Claude left a comment
Author
Collaborator

AI Code Review

Files Reviewed

  • requirements.txt (modified)
  • requirements-dev.txt (added)
  • CLAUDE.md (modified)

Findings

Correctness

  • All floor-constrained deps correctly pinned: redis>=5.0.0 → redis==7.3.0, pytest-mock>=3.10.0 → pytest-mock==3.15.1, black>=23.0.0 → black==26.1.0, ruff>=0.1.0 → ruff==0.15.0.
  • Already-pinned deps (pytest==8.4.1, pytest-asyncio==1.0.0, aioresponses==0.7.8) correctly retained in requirements-dev.txt.
  • requirements-dev.txt uses -r requirements.txt at the top, ensuring full production dep chain is included — correct pattern.
  • pygsheets==2.0.6 retained in requirements.txt (confirmed by diff — only a newline was added, not a deletion).
  • Dockerfile is unchanged and only installs requirements.txt — production image will not pull in dev tools.

Security

  • No issues found. Removing dev/test tooling from the production Docker image is a minor security improvement (reduced attack surface, smaller image).

Style & Conventions

  • CLAUDE.md Dependencies section follows the existing documentation style and explicitly prohibits >=/~= constraints — this correctly codifies the intent.
  • File split (requirements.txt / requirements-dev.txt) is a well-established convention.

Suggestions

  • The CI workflow (docker-build.yml) only builds and pushes Docker images — there is no test step. This means the requirements-dev.txt split has no direct effect on CI today. If a test job is added in the future, the workflow will need pip install -r requirements-dev.txt. The CLAUDE.md update captures this sufficiently, but a comment in the workflow file (near the checkout step) could serve as a reminder. Not a blocker.
  • redis==7.3.0 is a significant version jump from the previous floor of 5.0.0 — the redis-py client was in the 5.x range as of mid-2025. If this pinned version was selected from the current PyPI latest (rather than a known-good version), consider verifying its changelog for any breaking changes against the caching decorators in utils/decorators.py. The PR reports 930 tests passing, which provides reasonable confidence.

Verdict: COMMENT (approved)

Clean, correct implementation. The dev/prod split is properly structured, the CLAUDE.md update accurately documents the new policy, and the Docker image is correctly unaffected. No issues that block merging.


Automated review by Claude PR Reviewer

Claude added
ai-reviewed
and removed
ai-reviewing
labels 2026-03-10 06:18:12 +00:00
cal merged commit 2f7b82e377 into main 2026-03-10 14:05:49 +00:00
cal deleted branch ai/major-domo-v2-76 2026-03-10 14:05:49 +00:00
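
One way to enforce the pinning policy discussed in this PR (exact `==` versions, no `>=` or `~=`) as a pre-merge check. This is an added example, not code from the PR or the project; the sample file contents are constructed, and `-r` includes are resolved from an in-memory dict rather than from disk.

```python
import re

# Constructed sample files mirroring the layout the PR describes; the
# floor, compatible-release and wildcard lines are deliberate violations.
SAMPLE_FILES = {
    "requirements.txt": "redis==7.3.0\npygsheets==2.0.6\n",
    "requirements-dev.txt": (
        "-r requirements.txt\n"
        "pytest==8.4.1\n"
        "pytest-mock>=3.10.0  # floor constraint\n"
        "black~=26.1\n"
        "ruff==0.15.*\n"
    ),
}

# Package name, optional extras, then a single '==' and a version that
# contains no wildcard, comma or second operator.
EXACT_PIN = re.compile(
    r"^[A-Za-z0-9][A-Za-z0-9._-]*(\[[^\]]+\])?\s*==\s*[A-Za-z0-9.!+_-]+$"
)
INCLUDE = re.compile(r"^(?:-r|--requirement)[\s=]+(\S+)$")


def find_unpinned(path, files, seen=None):
    """Return (file, line_no, spec) for each requirement that is not an
    exact '==' pin, following -r includes once each."""
    seen = set() if seen is None else seen
    if path in seen:
        return []  # guard against include cycles
    seen.add(path)
    findings = []
    for line_no, raw in enumerate(files[path].splitlines(), 1):
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop comments
        if not line:
            continue
        include = INCLUDE.match(line)
        if include:
            findings += find_unpinned(include.group(1), files, seen)
            continue
        if line.startswith("-"):
            continue  # other pip options are not requirements
        spec = line.split(";", 1)[0].strip()  # drop environment markers
        if not EXACT_PIN.match(spec):
            findings.append((path, line_no, spec))
    return findings
```

An exact pin fixes the version but not the artifact; pip's `--require-hashes` mode adds that check on top of `==` pins.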
Reference: cal/major-domo-v2#77