From 422d9d2293b91b5d246665497c5441c1313f5d98 Mon Sep 17 00:00:00 2001 From: Pablo Collins Date: Mon, 22 Jun 2026 13:48:46 -0400 Subject: [PATCH] Pin SecureApp Docker dependency --- docker/publish-docker-image.sh | 5 +++++ docker/requirements-secureapp.txt | 4 ++-- pyproject.toml | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/docker/publish-docker-image.sh b/docker/publish-docker-image.sh index 35eaf336..c2beb54f 100755 --- a/docker/publish-docker-image.sh +++ b/docker/publish-docker-image.sh @@ -87,6 +87,11 @@ check_requirements_pin() { echo "ERROR: requirements.txt must contain $expected_requirement" exit 1 fi + + if ! grep -qxE 'secureapp-python-agent==[^[:space:]]+' requirements-secureapp.txt; then + echo "ERROR: requirements-secureapp.txt must pin secureapp-python-agent with ==" + exit 1 + fi } build_docker_image() { diff --git a/docker/requirements-secureapp.txt b/docker/requirements-secureapp.txt index bd0af408..83776e8e 100644 --- a/docker/requirements-secureapp.txt +++ b/docker/requirements-secureapp.txt @@ -1,4 +1,4 @@ -r requirements.txt -# Keep this aligned with pyproject.toml's secureapp extra. -secureapp-python-agent>=26.6.0 +# Pin SecureApp for reproducible release images; update intentionally after review. +secureapp-python-agent==26.6.1 diff --git a/pyproject.toml b/pyproject.toml index 7eb995b2..bfb70406 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -38,7 +38,7 @@ dependencies = [ [project.optional-dependencies] secureapp = [ - "secureapp-python-agent>=26.6.0", + "secureapp-python-agent>=26.6.1", ] [project.urls]