Add git-versioning starting_version for Dependabot#807
Conversation
zha-quirks depends on zha, which forms a self-referential cycle via the testing dependency group (zha -> zha-quirks -> zha>=2.0.0). With the dynamic git-tag version this resolves fine locally and in CI, but a from-scratch resolve without reachable tags (e.g. Dependabot) computes the fallback 0.0.1, fails zha-quirks's zha>=2.0.0 constraint, and renders the lock unsatisfiable. Set setuptools-git-versioning's starting_version to 2.0.0 so a tagless checkout still satisfies the cycle. The committed lock is unchanged.
setuptools-git-versioning starting_version for Dependabotstarting_version for Dependabot
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## dev #807 +/- ##
==========================================
- Coverage 97.29% 97.29% -0.01%
==========================================
Files 55 55
Lines 10934 10933 -1
==========================================
- Hits 10638 10637 -1
Misses 296 296 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
|
In the future, we may look at breaking out the device snapshots from ZHA somewhat, introducing an alternative to Dependabot, or keeping a fixed ZHA version in For now, this should be fine. We only need to bump it when zha-quirks depends on a newer ZHA version (and thus ZHA depends on that newer ZAH version itself). Technically, I guess we could also set a really high number here, but the current |
There was a problem hiding this comment.
Pull request overview
This PR updates the project’s dynamic versioning configuration to ensure dependency resolution succeeds in tagless environments (notably Dependabot), avoiding an unsatisfiable self-referential dependency cycle when zha-quirks requires zha>=2.0.0.
Changes:
- Configure
setuptools-git-versioningwith astarting_version = "2.0.0"fallback for checkouts with no reachable git tags. - Document why the fallback is needed (Dependabot/tagless clones) and note that it should be bumped on each major release.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Problem
Dependabot fails to resolve dependencies on this repo with:
This is fallout from the recent refactor.
zha-quirksnow depends onzha, andzhapullszha-quirksback in via thetestinggroup (for device snapshots), forming a self-referential cycle:uv satisfies
zha-quirks'szharequirement with the editable root project. That's fine as long as the root's own version satisfieszha>=2.0.0. Our version is dynamic (setuptools-git-versioning, from git tags):2.0.0is reachable → the project resolves as2.0.0→ the cycle closes →uv lock/uv syncsucceed.setuptools-git-versioningfalls back to0.0.1→0.0.1 < 2.0.0→ the cycle is unsatisfiable.The
python_full_version >= '3.15'marker is incidental:requires-python = ">=3.12"has no upper bound, so uv forks the resolution across the Python range and that fork is just where the failure surfaced.Fix
Set
setuptools-git-versioning'sstarting_versionto the current major, so a tagless checkout still computes a version that satisfieszha>=2.0.0:This attacks the root cause (the fallback version) rather than the cycle itself, and needs bumping on each major release.
Why not a uv
override-dependenciesonzha?That was the first candidate, but it doesn't work with the pinned uv (
uv>=0.11.16):override-dependencies = ["zha"]references the project's own name, so uv requires a[tool.uv.sources]entry for it. The only valid source (workspace = true) collapses the lock from 214 → 46 packages, dropping thehomeassistantextra andzha-quirksitself — i.e. exactly the deps the snapshot tests need.Verification
git clone --no-tags+uv lockon the base branch.2.0.0anduv lockresolves cleanly.uv.lockis byte-identical — locally/CI the git tag still drives the version, so nothing changes there. Onlypyproject.tomlis touched.