Stabilize CI runtime dependencies#298
Conversation
ac1d854 to
da156ba
Compare
da156ba to
df6e646
Compare
|
krowvin
left a comment
There was a problem hiding this comment.
Few thoughts I had while making this PR
| traefik: | ||
| condition: service_healthy | ||
| image: ${CWMS_DATA_API_IMAGE:-ghcr.io/usace/cwms-data-api:latest} | ||
| image: ${CWMS_DATA_API_IMAGE:-ghcr.io/usace/cwms-data-api:develop-2026.05.30} |
There was a problem hiding this comment.
I still am not 100% sure on if we want to lock the versions in.
If we add a new parameter, for example, we would then need to make sure this gets updated to match.
And it maybe confusing to determine that was the cause/need from the logs alone.
cwmsjs is getting around this by being generated as CDA updates
There was a problem hiding this comment.
no and definitely should not be that version. that is behind what is in production.
There was a problem hiding this comment.
I'm not sure if the latest image is getting updated frequent enough? @MikeNeilson
Should we target the current production version 2026.05.12-f? If a develop version is targeted for the tests then things might pass that are not on prod yet.
I was trying to target something around this.
| @@ -0,0 +1,3 @@ | |||
| AUTH_RE_ENABLE_NON_HASH_KEY_SUPPORT=true | |||
There was a problem hiding this comment.
This should make it so we don't need to hash the keys locally and our old keys keep working
There was a problem hiding this comment.
It is easy to add the hashed keys I will set that up.
There was a problem hiding this comment.
Want to PR off this or make a separate PR for that?
If you are busy we could merge this in now so the old keys keep working then your PR can use the new ones?



Summary
q0web user used by current CDA local setup and the seeded test API keys.Root cause
The failing unit-test job was selecting Python 3.14.6, where the current locked pandas/numpy stack segfaults in the mock ratings test. Unrelated PRs started failing before the LRTS branch, and this PR confirmed the Python 3.12 pin makes those jobs green.
The integration job was failing with 401 API-key errors from the local CDA stack. Current CDA only accepts the plaintext keys seeded by this repo's
users.sqlwhenAUTH_RE_ENABLE_NON_HASH_KEY_SUPPORTis enabled. After that was fixed, the remaining failure was a CDA 500 from PATCHing an empty assigned-timeseries list; the test now uses the delete endpoint's cascade behavior.Validation
docker compose config --quietrun-testsjobs passed after pinning Python 3.12; integration progressed from 401s to 69/70 passing before the test cleanup.poetry installfails building the locked NumPy version without a compiler. Full verification is through Actions.