Add mirror invariant guardrails#2
Conversation
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e79563d172
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
|
||
|
|
||
| def read_dependency_pin(requirement: str) -> str: | ||
| match = re.fullmatch(r"spore-lang==(?P<version>\d+\.\d+\.\d+)", requirement) |
There was a problem hiding this comment.
Respect configured package name in invariant check
sync.py still advertises SPORE_PACKAGE_NAME as a runtime override, but read_dependency_pin hardcodes spore-lang in the new invariant guard. In any environment where the mirror is configured for another package and pyproject.toml is pinned correctly for that package, validate_repo_state() now fails before sync can run, which is a regression from prior behavior.
Useful? React with 👍 / 👎.
|
Dropped the invariant/smoke-test guardrail changes from this branch as requested. The branch now matches main, so this PR is obsolete. |
This PR adds guardrails for mirrored release metadata:\n- validate the pyproject version, dependency pin, and README rev stay in sync\n- run the invariant check and a smoke install in CI\n- reuse the same invariant check inside sync.py before publishing