TST: Pin test dependencies to exact versions; add dependabot pip monitoring #2230

Open
mdboom wants to merge 4 commits into NVIDIA:main from mdboom:pin-test-dependencies

mdboom (Contributor) commented Jun 16, 2026

This is in response to #2227 causing an unwelcome surprise when pytest was updated. It was fine at the time, but this kind of thing gets really annoying during release time.

There is no reason not to pin our test dependencies, and let dependabot handle updating them so we can deal with any breakages when we want to, not to urgently unblock CI.

Summary

  • Pin all test [dependency-groups] specifiers to exact == versions in cuda_bindings, cuda_core, and cuda_pathfinder so CI runs against a known-good set of packages
  • Add three pip ecosystem entries to .github/dependabot.yml (one per subproject) so Dependabot opens PRs when newer PyPI versions are available

Notes

  • cython and setuptools are intentionally left as range specifiers (>=3.2,<3.3 and >=80) since they are build-time dependencies with looser compatibility constraints
  • ml-dtypes in cuda_core is left as >=0.5.4,<0.6.0 for the same reason

Test plan

  • Verify CI passes with pinned versions
  • Confirm dependabot config parses cleanly (check Actions tab after merge)

🤖 Generated with Claude Code

…toring

Pin all unpinned test dependency specifiers in [dependency-groups] to
exact versions (==) across cuda_bindings, cuda_core, and cuda_pathfinder.
Also add pip ecosystem entries to dependabot.yml so PRs are opened when
newer versions become available on PyPI.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

mdboom added this to the cuda.bindings next milestone Jun 16, 2026
mdboom added the test and dependencies labels Jun 16, 2026
github-actions bot added the CI/CD, cuda.bindings, cuda.core and cuda.pathfinder labels Jun 16, 2026
mdboom requested a review from rparolin June 16, 2026 15:19
mdboom self-assigned this Jun 16, 2026

Comment thread cuda_bindings/pyproject.toml Outdated
"pytest-repeat",
"pytest-randomly",
"pyglet>=2.1.9",
"matplotlib==3.10.9; python_version < '3.15'",

WDYT about e.g.

"matplotlib>=3.5.0,<=3.10.9; python_version < '3.15'",

so that we don't lock in other packages to one very specific version? — I realize it's only for testing, but I wonder if e.g. numba or rapids testing could be affected by our choices here.

mdboom (Contributor, Author) Jun 16, 2026

Why would they test in the same venv as ours? If they wanted to test against a prerelease of cuda_bindings, only the library dependencies would apply, not the test dependencies.

I think the only concern here is that /this/ list is self-consistent, for example, the numpy and matplotlib versions specified here are compatible (which they are).

rwgk (Contributor) Jun 16, 2026

> Why would they test in the same venv as ours?

I think I've seen that (SWQA testing), although digging up what I have in mind isn't easy.

I'm OK to be simple/strict first and see what happens.

rwgk (Contributor) left a comment

I think we also need to update the pixi.toml files as part of this PR, or at least explicitly call them out as follow-up work.

Right now this PR freezes the test dependencies in the package pyproject.toml dependency groups, but the pixi environments still have broad specs for the same test tools. That means some CI/developer test paths can still float even after this PR lands.

The main ones I noticed are:

  • cuda_bindings/pixi.toml
  • cuda_core/pixi.toml
  • cuda_pathfinder/pixi.toml

If the goal is to stop unexpected pytest-side dependency changes from putting us into fire-fighting mode, the pixi-managed test environments should follow the same pinning policy as the pyproject.toml test groups, or we should document why they intentionally remain floating.

Comment on lines +50 to +51
"matplotlib; python_version < '3.15'",
"numpy",

Could we keep the previous lower bounds here rather than making these bare dependencies?

What I would do:

  • Restore the lower bounds, because they encode the minimum supported/tested floor.
  • Add upper bounds to prevent surprise future releases from breaking CI.
  • Split NumPy by Python version if one cap cannot span the full Python matrix.
  • Add a short comment for any Python-version split so it is clear this is compatibility-driven, not arbitrary.

Policy-wise, I think lower bounds and upper bounds serve different purposes: lower bound = minimum supported/tested floor; upper bound or exact pin = CI stability cap. I do not think we should lose the former while adding the latter.

For example, roughly this shape, informed by the CI/branch history so far:

"matplotlib>=3.5.0,<=3.10.9; python_version < '3.15'",
"numpy>=1.21.1,<=2.2.6; python_version < '3.11'",
"numpy>=1.21.1,<=2.4.6; python_version >= '3.11'",
