Skip to content

fix: poetry upstream resolution, health-check detection, and dead release links#102

Merged
CybotTM merged 1 commit into
mainfrom
fix/poetry-upstream-and-dead-links
Jul 8, 2026
Merged

fix: poetry upstream resolution, health-check detection, and dead release links#102
CybotTM merged 1 commit into
mainfrom
fix/poetry-upstream-and-dead-links

Conversation

@CybotTM

@CybotTM CybotTM commented Jul 8, 2026

Copy link
Copy Markdown
Member

Three related upstream/version-correctness fixes, all surfaced from a real
make update/make upgrade run.

1. poetry showed latest: n/a

_derive_source() returned skip for poetry: its homepage python-poetry.org
matches neither python.org nor pypi.org, and install_method: package_manager
carries no pip/uv_tool hint. Now the catalog can declare an explicit
source_kind, and poetry.json sets pypi → resolves latest from PyPI.

2. Health check ignored poetry

check_python_package_managers.sh only knew pip/pipx, so uv + poetry
reported "Only uv – optimal". It now detects poetry and conda too, counts
them, and drops the "optimal" verdict when they're present (with a note that
poetry is a project-level manager, removable if unused).

3. Dead release links (missing v)

GitHub/GitLab release URLs were built from the normalized version
(…/releases/tag/1.7.12), but the real tag is v1.7.12404. The
collectors now return the raw tag for the URL while still normalizing the
version number for display/compare. Confirmed live: actionlint's URL is now
…/releases/tag/v1.7.12HTTP 200. make update also hyperlinks the
latest version (was unlinked; respects CLI_AUDIT_LINKS=0).

Verification

  • pytest: 642 passed, 1 skipped (+8 new tests: explicit source_kind,
    raw-tag URLs for gh/gitlab, collector raw-tag returns, health-check detection).
  • Gating flake8 (E9,F63,F7,F82): clean. Smoke: pass.
  • Live checks: poetry → 2.4.1 from PyPI; actionlint link → 200.

Note: the committed upstream_versions.json baseline still holds the old
v-less URLs; those refresh on the next make update-baseline (kept out of
this PR to avoid mixing in unrelated version bumps). make upgrade re-collects
live, so it's fixed immediately by the code change.

No version bump / CHANGELOG (feature branch).

Copilot AI review requested due to automatic review settings July 8, 2026 07:29
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@codecov

codecov Bot commented Jul 8, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 70.96774% with 9 lines in your changes missing coverage. Please review.
✅ Project coverage is 71.33%. Comparing base (77ab3b1) to head (1e9867e).

Files with missing lines Patch % Lines
cli_audit/collectors.py 57.89% 8 Missing ⚠️
cli_audit/catalog.py 90.00% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #102      +/-   ##
==========================================
+ Coverage   69.82%   71.33%   +1.50%     
==========================================
  Files          22       22              
  Lines        3347     3359      +12     
==========================================
+ Hits         2337     2396      +59     
+ Misses       1010      963      -47     
Flag Coverage Δ
unittests 71.33% <70.96%> (+1.50%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces support for explicit upstream source declarations in the tool catalog (allowing tools like Poetry to resolve to PyPI), preserves raw tags from GitHub and GitLab to ensure release URLs resolve correctly, and updates the Python package manager health check script to detect Poetry and Conda. The review feedback highlights several improvement opportunities: sanitizing URLs before terminal output to prevent escape sequence injection, handling string values robustly when parsing source_args, and adding defensive type checks on parsed JSON responses from external APIs to prevent potential runtime errors.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread audit.py
Comment thread cli_audit/catalog.py
Comment thread cli_audit/collectors.py Outdated
Comment thread cli_audit/collectors.py Outdated

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR improves upstream version correctness and user-facing output around Python tooling and release links by (1) allowing catalog entries to explicitly define their upstream source, (2) preserving raw VCS tags for release URL construction, and (3) expanding the Python package manager health check to recognize additional tools.

Changes:

  • Add source_kind / source_args support in the catalog and set poetry to resolve upstream versions via PyPI.
  • Update GitHub/GitLab collectors to return raw tags (for correct release URLs) while still extracting normalized version numbers.
  • Extend check_python_package_managers.sh detection to include poetry and conda, and hyperlink latest versions in cmd_update progress output; add targeted tests.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
tests/test_upstream_links.py Adds regression tests for explicit source_kind, raw-tag URLs, and health-check detection.
scripts/check_python_package_managers.sh Detects poetry/conda, counts them, and adjusts messaging/“optimal” verdict logic.
cli_audit/collectors.py Preserves raw release tags from GitHub/GitLab while extracting normalized version numbers.
cli_audit/catalog.py Allows catalog JSON to explicitly declare upstream source routing (source_kind/source_args).
catalog/poetry.json Declares poetry upstream as PyPI via source_kind: pypi.
audit.py Hyperlinks the “latest” value in cmd_update progress output using OSC8 when enabled.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread cli_audit/collectors.py
…e tags

Three related upstream/version-correctness fixes:

- poetry showed 'latest: n/a' because _derive_source() returned 'skip' (homepage
  python-poetry.org matches neither python.org nor pypi.org, and install_method
  package_manager carries no pip/uv_tool hint). Support an explicit source_kind
  in the catalog and set poetry.json to pypi.
- The Python package-manager health check only knew pip/pipx, so uv + poetry
  reported 'optimal'. Detect poetry and conda too.
- GitHub/GitLab release URLs were built from the normalized version
  (.../releases/tag/1.7.12) but the real tag is v1.7.12 -> dead links. The
  collectors now return the raw tag for the URL while still normalizing the
  version number for display/compare. make update also hyperlinks the version.

Signed-off-by: Sebastian Mendel <github@sebastianmendel.de>
@CybotTM CybotTM force-pushed the fix/poetry-upstream-and-dead-links branch from b8b80a0 to 1e9867e Compare July 8, 2026 07:54
@sonarqubecloud

sonarqubecloud Bot commented Jul 8, 2026

Copy link
Copy Markdown

@CybotTM CybotTM requested a review from Copilot July 8, 2026 07:55
@CybotTM CybotTM merged commit f03b57e into main Jul 8, 2026
22 checks passed
@CybotTM CybotTM deleted the fix/poetry-upstream-and-dead-links branch July 8, 2026 07:56

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.

Comment on lines +105 to +109
script = (ROOT / "scripts" / "check_python_package_managers.sh").read_text()
assert "has_poetry" in script
assert "command -v poetry" in script
# "optimal" must require the absence of poetry
assert "! $has_poetry" in script
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants