From 5d46db7d3f9b7ae6d2fe936d177a0e66b9fb4be4 Mon Sep 17 00:00:00 2001 From: julia-thorn Date: Fri, 10 Apr 2026 14:42:35 -0400 Subject: [PATCH 01/12] fix(python): handle Poetry groups without dependencies table --- .../file_parser/pyproject_files_parser.rb | 5 +++-- .../pyproject_files_parser_spec.rb | 15 +++++++++++++++ ...y_group_optional_without_dependencies.toml | 19 +++++++++++++++++++ 3 files changed, 37 insertions(+), 2 deletions(-) create mode 100644 python/spec/fixtures/pyproject_files/poetry_group_optional_without_dependencies.toml diff --git a/python/lib/dependabot/python/file_parser/pyproject_files_parser.rb b/python/lib/dependabot/python/file_parser/pyproject_files_parser.rb index 3e9ae55af9c..d202ee81d14 100644 --- a/python/lib/dependabot/python/file_parser/pyproject_files_parser.rb +++ b/python/lib/dependabot/python/file_parser/pyproject_files_parser.rb @@ -118,12 +118,13 @@ def pep621_pep735_dependencies sig do params( type: String, - deps_hash: T::Hash[String, - T.untyped] + deps_hash: T.nilable(T::Hash[String, + T.untyped]) ).returns(Dependabot::FileParsers::Base::DependencySet) end def parse_poetry_dependency_group(type, deps_hash) dependencies = Dependabot::FileParsers::Base::DependencySet.new + return dependencies if deps_hash.nil? deps_hash.each do |name, req| next if normalise(name) == "python" diff --git a/python/spec/dependabot/python/file_parser/pyproject_files_parser_spec.rb b/python/spec/dependabot/python/file_parser/pyproject_files_parser_spec.rb index f51b4bfc66c..ec1ea4416e1 100644 --- a/python/spec/dependabot/python/file_parser/pyproject_files_parser_spec.rb +++ b/python/spec/dependabot/python/file_parser/pyproject_files_parser_spec.rb @@ -276,6 +276,21 @@ end end + context "with optional poetry group metadata and pep735 groups" do + subject(:dependency_names) { dependencies.map(&:name) } + + let(:pyproject_fixture_name) { "poetry_group_optional_without_dependencies.toml" } + + it "parses without error when tool.poetry.group has no dependencies table" do + expect { parser.dependency_set }.not_to raise_error + end + + it "includes dependencies declared in dependency-groups" do + expect(dependency_names).to include("requests") + expect(dependency_names).to include("onnxruntime-gpu") + end + end + context "with package specify source" do subject(:dependency) { dependencies.find { |f| f.name == "black" } } diff --git a/python/spec/fixtures/pyproject_files/poetry_group_optional_without_dependencies.toml b/python/spec/fixtures/pyproject_files/poetry_group_optional_without_dependencies.toml new file mode 100644 index 00000000000..eb909398cbd --- /dev/null +++ b/python/spec/fixtures/pyproject_files/poetry_group_optional_without_dependencies.toml @@ -0,0 +1,19 @@ +[tool.poetry] +name = "poetry-group-optional-without-dependencies" +version = "0.1.0" +description = "" +authors = ["Dependabot "] + +[tool.poetry.dependencies] +python = ">=3.11" + +[dependency-groups] +dev = [ + "requests==2.18.0", +] +gpu = [ + "onnxruntime-gpu==1.23.2", +] + +[tool.poetry.group.gpu] +optional = true From 98cba57f85026b8cf2f305b0e586f167366ad4e0 Mon Sep 17 00:00:00 2001 From: julia-thorn Date: Fri, 10 Apr 2026 15:02:49 -0400 Subject: [PATCH 02/12] Fix lint issue --- .../dependabot/python/file_parser/pyproject_files_parser.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/python/lib/dependabot/python/file_parser/pyproject_files_parser.rb b/python/lib/dependabot/python/file_parser/pyproject_files_parser.rb index d202ee81d14..9433a52730e 100644 --- a/python/lib/dependabot/python/file_parser/pyproject_files_parser.rb +++ b/python/lib/dependabot/python/file_parser/pyproject_files_parser.rb @@ -118,8 +118,9 @@ def pep621_pep735_dependencies sig do params( type: String, - deps_hash: T.nilable(T::Hash[String, - T.untyped]) + deps_hash: T.nilable( + T::Hash[String, T.untyped] + ) ).returns(Dependabot::FileParsers::Base::DependencySet) end def parse_poetry_dependency_group(type, deps_hash) From 93b7b66f4ba607a129ee57077f261c5561dedf17 Mon Sep 17 00:00:00 2001 From: julia-thorn Date: Fri, 10 Apr 2026 15:06:44 -0400 Subject: [PATCH 03/12] Fix CoPilot suggestions --- .../file_parser/pyproject_files_parser.rb | 4 +--- .../update_checker/poetry_version_resolver.rb | 4 +++- .../poetry_version_resolver_spec.rb | 8 ++++++++ .../poetry_metadata_only_group.toml | 20 +++++++++++++++++++ 4 files changed, 32 insertions(+), 4 deletions(-) create mode 100644 python/spec/fixtures/pyproject_files/poetry_metadata_only_group.toml diff --git a/python/lib/dependabot/python/file_parser/pyproject_files_parser.rb b/python/lib/dependabot/python/file_parser/pyproject_files_parser.rb index 9433a52730e..d164eb9fa52 100644 --- a/python/lib/dependabot/python/file_parser/pyproject_files_parser.rb +++ b/python/lib/dependabot/python/file_parser/pyproject_files_parser.rb @@ -118,9 +118,7 @@ def pep621_pep735_dependencies sig do params( type: String, - deps_hash: T.nilable( - T::Hash[String, T.untyped] - ) + deps_hash: T.nilable(T::Hash[String, T.untyped]) ).returns(Dependabot::FileParsers::Base::DependencySet) end def parse_poetry_dependency_group(type, deps_hash) diff --git a/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb b/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb index 2d7ad0ff541..71166a54445 100644 --- a/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb +++ b/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb @@ -336,8 +336,10 @@ def set_target_dependency_req(pyproject_content, updated_requirement) TomlRB.dump(pyproject_object) end - sig { params(toml_node: T::Hash[String, T.untyped], requirement: String).void } + sig { params(toml_node: T.nilable(T::Hash[String, T.untyped]), requirement: String).void } def update_dependency_requirement(toml_node, requirement) + return unless toml_node + names = toml_node.keys pkg_name = names.find { |nm| normalise(nm) == dependency.name } return unless pkg_name diff --git a/python/spec/dependabot/python/update_checker/poetry_version_resolver_spec.rb b/python/spec/dependabot/python/update_checker/poetry_version_resolver_spec.rb index 626d14c57b4..9fa18795c21 100644 --- a/python/spec/dependabot/python/update_checker/poetry_version_resolver_spec.rb +++ b/python/spec/dependabot/python/update_checker/poetry_version_resolver_spec.rb @@ -98,6 +98,14 @@ it { is_expected.to eq(Gem::Version.new("2.18.4")) } end + context "with a metadata-only poetry group" do + let(:pyproject_fixture_name) { "poetry_metadata_only_group.toml" } + + it "does not raise when a poetry group has no dependencies table" do + expect { latest_resolvable_version }.not_to raise_error + end + end + context "with a lockfile" do let(:dependency_files) { [pyproject, lockfile] } let(:dependency_version) { "2.18.0" } diff --git a/python/spec/fixtures/pyproject_files/poetry_metadata_only_group.toml b/python/spec/fixtures/pyproject_files/poetry_metadata_only_group.toml new file mode 100644 index 00000000000..71096bc4d0d --- /dev/null +++ b/python/spec/fixtures/pyproject_files/poetry_metadata_only_group.toml @@ -0,0 +1,20 @@ +[tool.poetry] +name = "poetry-metadata-only-group" +version = "2.0.0" +homepage = "https://github.com/roghu/py3_projects" +license = "MIT" +readme = "README.md" +authors = ["Dependabot "] +description = "Various small python projects." + +[tool.poetry.dependencies] +python = "3.11.1" +requests = "2.18.0" + +[dependency-groups] +gpu = [ + "onnxruntime-gpu==1.23.2", +] + +[tool.poetry.group.gpu] +optional = true From 8ec7b8184ec478223ddf4f12db25f73d3aa1a090 Mon Sep 17 00:00:00 2001 From: julia-thorn Date: Fri, 10 Apr 2026 15:14:27 -0400 Subject: [PATCH 04/12] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- .../python/update_checker/poetry_version_resolver_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/python/spec/dependabot/python/update_checker/poetry_version_resolver_spec.rb b/python/spec/dependabot/python/update_checker/poetry_version_resolver_spec.rb index 9fa18795c21..ec3de4f53fd 100644 --- a/python/spec/dependabot/python/update_checker/poetry_version_resolver_spec.rb +++ b/python/spec/dependabot/python/update_checker/poetry_version_resolver_spec.rb @@ -101,8 +101,8 @@ context "with a metadata-only poetry group" do let(:pyproject_fixture_name) { "poetry_metadata_only_group.toml" } - it "does not raise when a poetry group has no dependencies table" do - expect { latest_resolvable_version }.not_to raise_error + it "resolves the latest version when a poetry group has no dependencies table" do + expect(latest_resolvable_version).to eq(Gem::Version.new("2.18.4")) end end From 0ba52f199b5bab36ccfa14c27602d3911c4714c7 Mon Sep 17 00:00:00 2001 From: julia-thorn Date: Wed, 22 Apr 2026 13:26:14 -0400 Subject: [PATCH 05/12] Fix flaky smoke test --- .github/scripts/apply_smoke_overrides.rb | 47 ++++++++++++++++++++++++ .github/workflows/smoke.yml | 4 ++ 2 files changed, 51 insertions(+) create mode 100644 .github/scripts/apply_smoke_overrides.rb diff --git a/.github/scripts/apply_smoke_overrides.rb b/.github/scripts/apply_smoke_overrides.rb new file mode 100644 index 00000000000..7c490c486b0 --- /dev/null +++ b/.github/scripts/apply_smoke_overrides.rb @@ -0,0 +1,47 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# Applies suite-specific smoke input overrides without rewriting YAML formatting. +# This keeps smoke expectations deterministic while preserving raw fixture style. + +smoke_file = ARGV[0] +suite_name = ARGV[1] + +if smoke_file.nil? || suite_name.nil? + warn "usage: apply_smoke_overrides.rb " + exit 1 +end + +content = File.read(smoke_file) + +# Keep this policy narrow and explicit. These suites use Poetry lockfiles where +# transitive certifi releases can cause unrelated expectation churn. +poetry_suites = ["smoke-poetry.yaml", "smoke-python-poetry.yaml"] +unless poetry_suites.include?(suite_name) + exit 0 +end + +unless content.include?(" ignore-conditions:") && + content.include?("directory: /poetry") && + content.include?("name = \"certifi\"") + exit 0 +end + +exit 0 if content.include?("dependency-name: certifi") + +certifi_version_match = content.match(/name = "certifi".*?\n\s*version = "([^"]+)"/m) +exit 0 unless certifi_version_match + +certifi_version = certifi_version_match[1] +insert_block = [ + " - dependency-name: certifi", + " source: tests/#{suite_name}", + " version-requirement: \">#{certifi_version}\"" +].join("\n") + +updated = content.sub(/^ source:$/, "#{insert_block}\n source:") + +# If we cannot find the input source anchor, do not change anything. +exit 0 if updated == content + +File.write(smoke_file, updated) diff --git a/.github/workflows/smoke.yml b/.github/workflows/smoke.yml index 20fc4c64f91..74e0752099a 100644 --- a/.github/workflows/smoke.yml +++ b/.github/workflows/smoke.yml @@ -106,6 +106,10 @@ jobs: path: smoke.yaml key: ${{ steps.cache-smoke-test.outputs.cache-primary-key }} + - name: Stabilize Poetry transitive certifi + run: | + ruby .github/scripts/apply_smoke_overrides.rb smoke.yaml "${{ matrix.suite.name }}" + # Download the Proxy cache. The job is ideally 100% cached so no real calls are made. # Allowed to fail to get out of chicken and egg situations, for example, when adding a new ecosystem. - name: Download cache From 133a269a7bfa07eba6bb0c46d40d6da0ec3730e6 Mon Sep 17 00:00:00 2001 From: julia-thorn Date: Wed, 22 Apr 2026 13:33:48 -0400 Subject: [PATCH 06/12] Fix security alert --- .github/scripts/apply_smoke_overrides.rb | 47 ----------------- .github/scripts/apply_smoke_overrides.sh | 64 ++++++++++++++++++++++++ .github/workflows/smoke.yml | 2 +- 3 files changed, 65 insertions(+), 48 deletions(-) delete mode 100644 .github/scripts/apply_smoke_overrides.rb create mode 100644 .github/scripts/apply_smoke_overrides.sh diff --git a/.github/scripts/apply_smoke_overrides.rb b/.github/scripts/apply_smoke_overrides.rb deleted file mode 100644 index 7c490c486b0..00000000000 --- a/.github/scripts/apply_smoke_overrides.rb +++ /dev/null @@ -1,47 +0,0 @@ -#!/usr/bin/env ruby -# frozen_string_literal: true - -# Applies suite-specific smoke input overrides without rewriting YAML formatting. -# This keeps smoke expectations deterministic while preserving raw fixture style. - -smoke_file = ARGV[0] -suite_name = ARGV[1] - -if smoke_file.nil? || suite_name.nil? - warn "usage: apply_smoke_overrides.rb " - exit 1 -end - -content = File.read(smoke_file) - -# Keep this policy narrow and explicit. These suites use Poetry lockfiles where -# transitive certifi releases can cause unrelated expectation churn. -poetry_suites = ["smoke-poetry.yaml", "smoke-python-poetry.yaml"] -unless poetry_suites.include?(suite_name) - exit 0 -end - -unless content.include?(" ignore-conditions:") && - content.include?("directory: /poetry") && - content.include?("name = \"certifi\"") - exit 0 -end - -exit 0 if content.include?("dependency-name: certifi") - -certifi_version_match = content.match(/name = "certifi".*?\n\s*version = "([^"]+)"/m) -exit 0 unless certifi_version_match - -certifi_version = certifi_version_match[1] -insert_block = [ - " - dependency-name: certifi", - " source: tests/#{suite_name}", - " version-requirement: \">#{certifi_version}\"" -].join("\n") - -updated = content.sub(/^ source:$/, "#{insert_block}\n source:") - -# If we cannot find the input source anchor, do not change anything. -exit 0 if updated == content - -File.write(smoke_file, updated) diff --git a/.github/scripts/apply_smoke_overrides.sh b/.github/scripts/apply_smoke_overrides.sh new file mode 100644 index 00000000000..98e7c907823 --- /dev/null +++ b/.github/scripts/apply_smoke_overrides.sh @@ -0,0 +1,64 @@ +#!/usr/bin/env bash +set -euo pipefail + +smoke_file="${1:-}" +suite_name="${2:-}" + +if [[ -z "$smoke_file" || -z "$suite_name" ]]; then + echo "usage: apply_smoke_overrides.sh " >&2 + exit 1 +fi + +case "$suite_name" in + smoke-poetry.yaml|smoke-python-poetry.yaml) + ;; + *) + exit 0 + ;; +esac + +if ! grep -q '^ ignore-conditions:' "$smoke_file"; then + exit 0 +fi + +if ! grep -q 'directory: /poetry' "$smoke_file"; then + exit 0 +fi + +if ! grep -q 'name = "certifi"' "$smoke_file"; then + exit 0 +fi + +if grep -q 'dependency-name: certifi' "$smoke_file"; then + exit 0 +fi + +certifi_version="$({ + awk ' + /name = "certifi"/ { in_certifi=1; next } + in_certifi && /version = "/ { + if (match($0, /"[^"]+"/)) { + print substr($0, RSTART + 1, RLENGTH - 2) + exit + } + } + ' "$smoke_file" +} || true)" + +if [[ -z "$certifi_version" ]]; then + exit 0 +fi + +awk -v certifi_version="$certifi_version" -v suite_name="$suite_name" ' + { + if (!inserted && $0 ~ /^ source:$/) { + print " - dependency-name: certifi" + print " source: tests/" suite_name + print " version-requirement: \">" certifi_version "\"" + inserted = 1 + } + print + } +' "$smoke_file" > "$smoke_file.tmp" + +mv "$smoke_file.tmp" "$smoke_file" diff --git a/.github/workflows/smoke.yml b/.github/workflows/smoke.yml index 74e0752099a..4d7e4fe824d 100644 --- a/.github/workflows/smoke.yml +++ b/.github/workflows/smoke.yml @@ -108,7 +108,7 @@ jobs: - name: Stabilize Poetry transitive certifi run: | - ruby .github/scripts/apply_smoke_overrides.rb smoke.yaml "${{ matrix.suite.name }}" + bash .github/scripts/apply_smoke_overrides.sh smoke.yaml "${{ matrix.suite.name }}" # Download the Proxy cache. The job is ideally 100% cached so no real calls are made. # Allowed to fail to get out of chicken and egg situations, for example, when adding a new ecosystem. From a1895127b3178c33f36fb38cf931ba785a8fb87b Mon Sep 17 00:00:00 2001 From: julia-thorn Date: Wed, 22 Apr 2026 14:05:14 -0400 Subject: [PATCH 07/12] Revert "Fix security alert" This reverts commit 133a269a7bfa07eba6bb0c46d40d6da0ec3730e6. --- .github/scripts/apply_smoke_overrides.rb | 47 +++++++++++++++++ .github/scripts/apply_smoke_overrides.sh | 64 ------------------------ .github/workflows/smoke.yml | 2 +- 3 files changed, 48 insertions(+), 65 deletions(-) create mode 100644 .github/scripts/apply_smoke_overrides.rb delete mode 100644 .github/scripts/apply_smoke_overrides.sh diff --git a/.github/scripts/apply_smoke_overrides.rb b/.github/scripts/apply_smoke_overrides.rb new file mode 100644 index 00000000000..7c490c486b0 --- /dev/null +++ b/.github/scripts/apply_smoke_overrides.rb @@ -0,0 +1,47 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +# Applies suite-specific smoke input overrides without rewriting YAML formatting. +# This keeps smoke expectations deterministic while preserving raw fixture style. + +smoke_file = ARGV[0] +suite_name = ARGV[1] + +if smoke_file.nil? || suite_name.nil? + warn "usage: apply_smoke_overrides.rb " + exit 1 +end + +content = File.read(smoke_file) + +# Keep this policy narrow and explicit. These suites use Poetry lockfiles where +# transitive certifi releases can cause unrelated expectation churn. +poetry_suites = ["smoke-poetry.yaml", "smoke-python-poetry.yaml"] +unless poetry_suites.include?(suite_name) + exit 0 +end + +unless content.include?(" ignore-conditions:") && + content.include?("directory: /poetry") && + content.include?("name = \"certifi\"") + exit 0 +end + +exit 0 if content.include?("dependency-name: certifi") + +certifi_version_match = content.match(/name = "certifi".*?\n\s*version = "([^"]+)"/m) +exit 0 unless certifi_version_match + +certifi_version = certifi_version_match[1] +insert_block = [ + " - dependency-name: certifi", + " source: tests/#{suite_name}", + " version-requirement: \">#{certifi_version}\"" +].join("\n") + +updated = content.sub(/^ source:$/, "#{insert_block}\n source:") + +# If we cannot find the input source anchor, do not change anything. +exit 0 if updated == content + +File.write(smoke_file, updated) diff --git a/.github/scripts/apply_smoke_overrides.sh b/.github/scripts/apply_smoke_overrides.sh deleted file mode 100644 index 98e7c907823..00000000000 --- a/.github/scripts/apply_smoke_overrides.sh +++ /dev/null @@ -1,64 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -smoke_file="${1:-}" -suite_name="${2:-}" - -if [[ -z "$smoke_file" || -z "$suite_name" ]]; then - echo "usage: apply_smoke_overrides.sh " >&2 - exit 1 -fi - -case "$suite_name" in - smoke-poetry.yaml|smoke-python-poetry.yaml) - ;; - *) - exit 0 - ;; -esac - -if ! grep -q '^ ignore-conditions:' "$smoke_file"; then - exit 0 -fi - -if ! grep -q 'directory: /poetry' "$smoke_file"; then - exit 0 -fi - -if ! grep -q 'name = "certifi"' "$smoke_file"; then - exit 0 -fi - -if grep -q 'dependency-name: certifi' "$smoke_file"; then - exit 0 -fi - -certifi_version="$({ - awk ' - /name = "certifi"/ { in_certifi=1; next } - in_certifi && /version = "/ { - if (match($0, /"[^"]+"/)) { - print substr($0, RSTART + 1, RLENGTH - 2) - exit - } - } - ' "$smoke_file" -} || true)" - -if [[ -z "$certifi_version" ]]; then - exit 0 -fi - -awk -v certifi_version="$certifi_version" -v suite_name="$suite_name" ' - { - if (!inserted && $0 ~ /^ source:$/) { - print " - dependency-name: certifi" - print " source: tests/" suite_name - print " version-requirement: \">" certifi_version "\"" - inserted = 1 - } - print - } -' "$smoke_file" > "$smoke_file.tmp" - -mv "$smoke_file.tmp" "$smoke_file" diff --git a/.github/workflows/smoke.yml b/.github/workflows/smoke.yml index 4d7e4fe824d..74e0752099a 100644 --- a/.github/workflows/smoke.yml +++ b/.github/workflows/smoke.yml @@ -108,7 +108,7 @@ jobs: - name: Stabilize Poetry transitive certifi run: | - bash .github/scripts/apply_smoke_overrides.sh smoke.yaml "${{ matrix.suite.name }}" + ruby .github/scripts/apply_smoke_overrides.rb smoke.yaml "${{ matrix.suite.name }}" # Download the Proxy cache. The job is ideally 100% cached so no real calls are made. # Allowed to fail to get out of chicken and egg situations, for example, when adding a new ecosystem. From ec7d8332f591f5477cb27f0cd239e40e129fb244 Mon Sep 17 00:00:00 2001 From: julia-thorn Date: Wed, 22 Apr 2026 14:05:17 -0400 Subject: [PATCH 08/12] Revert "Fix flaky smoke test" This reverts commit 0ba52f199b5bab36ccfa14c27602d3911c4714c7. --- .github/scripts/apply_smoke_overrides.rb | 47 ------------------------ .github/workflows/smoke.yml | 4 -- 2 files changed, 51 deletions(-) delete mode 100644 .github/scripts/apply_smoke_overrides.rb diff --git a/.github/scripts/apply_smoke_overrides.rb b/.github/scripts/apply_smoke_overrides.rb deleted file mode 100644 index 7c490c486b0..00000000000 --- a/.github/scripts/apply_smoke_overrides.rb +++ /dev/null @@ -1,47 +0,0 @@ -#!/usr/bin/env ruby -# frozen_string_literal: true - -# Applies suite-specific smoke input overrides without rewriting YAML formatting. -# This keeps smoke expectations deterministic while preserving raw fixture style. - -smoke_file = ARGV[0] -suite_name = ARGV[1] - -if smoke_file.nil? || suite_name.nil? - warn "usage: apply_smoke_overrides.rb " - exit 1 -end - -content = File.read(smoke_file) - -# Keep this policy narrow and explicit. These suites use Poetry lockfiles where -# transitive certifi releases can cause unrelated expectation churn. -poetry_suites = ["smoke-poetry.yaml", "smoke-python-poetry.yaml"] -unless poetry_suites.include?(suite_name) - exit 0 -end - -unless content.include?(" ignore-conditions:") && - content.include?("directory: /poetry") && - content.include?("name = \"certifi\"") - exit 0 -end - -exit 0 if content.include?("dependency-name: certifi") - -certifi_version_match = content.match(/name = "certifi".*?\n\s*version = "([^"]+)"/m) -exit 0 unless certifi_version_match - -certifi_version = certifi_version_match[1] -insert_block = [ - " - dependency-name: certifi", - " source: tests/#{suite_name}", - " version-requirement: \">#{certifi_version}\"" -].join("\n") - -updated = content.sub(/^ source:$/, "#{insert_block}\n source:") - -# If we cannot find the input source anchor, do not change anything. -exit 0 if updated == content - -File.write(smoke_file, updated) diff --git a/.github/workflows/smoke.yml b/.github/workflows/smoke.yml index 74e0752099a..20fc4c64f91 100644 --- a/.github/workflows/smoke.yml +++ b/.github/workflows/smoke.yml @@ -106,10 +106,6 @@ jobs: path: smoke.yaml key: ${{ steps.cache-smoke-test.outputs.cache-primary-key }} - - name: Stabilize Poetry transitive certifi - run: | - ruby .github/scripts/apply_smoke_overrides.rb smoke.yaml "${{ matrix.suite.name }}" - # Download the Proxy cache. The job is ideally 100% cached so no real calls are made. # Allowed to fail to get out of chicken and egg situations, for example, when adding a new ecosystem. - name: Download cache From 09016db3c4b33340fe5ee45d19d3cd75157370cd Mon Sep 17 00:00:00 2001 From: julia-thorn Date: Fri, 1 May 2026 09:43:41 -0400 Subject: [PATCH 09/12] trigger ci From 67e14620b4c8caf6ee1795d82e6e74be835810d4 Mon Sep 17 00:00:00 2001 From: julia-thorn Date: Mon, 4 May 2026 09:26:45 -0400 Subject: [PATCH 10/12] trigger ci From c860ee3cc93fa343ff975a47e461f998ccd57f07 Mon Sep 17 00:00:00 2001 From: julia-thorn Date: Mon, 4 May 2026 09:35:50 -0400 Subject: [PATCH 11/12] trigger ci From e12d62341cd80926b3fad871b9a84a0477defd5b Mon Sep 17 00:00:00 2001 From: julia-thorn Date: Mon, 4 May 2026 14:35:41 -0400 Subject: [PATCH 12/12] trigger ci