Skip to content

Pin twine, hatchling versions and enforce usage of cargo.lock #513

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Oct 24, 2025
Merged

Pin twine, hatchling versions and enforce usage of cargo.lock #513

merged 6 commits into from
Oct 24, 2025

Conversation

@jj22ee
Copy link
Contributor

@jj22ee jj22ee commented Oct 23, 2025
edited
Loading

Issue #, if available:
Address release failure: https://github.com/aws-observability/aws-otel-python-instrumentation/actions/runs/18734463348/job/53438678131

  1. hatchling is responsible for generating a metadata file included in the wheel file.
  2. twine will validate this metadata before publishing to PyPI.

According to the release failure, the metadata's license-expression field is malformed. Yet I tried testing an artifact in a fork, but the wheel file's metadata doesn't look suspicious. So the exact root cause is unknown.

Description of changes:
Pins the following for the release:

twine==5.1.1
hatchling==1.25.0

The latest versions are not compatible with the release process, but note that

Since there have been no new releases from twine/hatchling recently, it is suspected (but not confirmed yet in order to get this release out asap) that before the GitHub actions/setup-python upgrade in #506, an older pip version was installed, which installed older compatible versions of twine/hatchling. Probably since we upgraded actions/setup-python, pip might now install the latest versions of them, in which our repo is not yet compatible according to the failed release.

Reasoning why we need both (test publish to TestPyPI):

2nd Issue is related to the PR build failure (https://github.com/aws-observability/aws-otel-python-instrumentation/actions/runs/18763622170/job/53533951402?pr=512#step:3:2157):

 > [builder 5/6] RUN if [ amd64 = "amd64" ]; then cargo install cargo-audit && cargo audit ; fi:
3.631   Downloaded allocator-api2 v0.2.21
3.635   Downloaded ahash v0.8.12
3.639   Downloaded addr2line v0.25.1
3.696 error: failed to compile `cargo-audit v0.21.2`, intermediate artifacts can be found at `/tmp/cargo-installifwHEz`.
3.696 To reuse those artifacts with a future compilation, set the environment variable `CARGO_TARGET_DIR` to that path.
3.696 
3.696 Caused by:
3.696   rustc 1.87.0 is not supported by the following package:
3.696     [email protected] requires rustc 1.89
3.696   Try re-running `cargo install` with `--locked``

This is fixed by following the guidance to use --locked. Looks like the Cargo.lock file, which pins dependencies, wasn't actually being used. cargo-audit is also updated to be pinned for sanity.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@jj22ee jj22ee requested a review from a team as a code owner October 23, 2025 22:27
@jj22ee jj22ee added the skip changelog doesn't need a CHANGELOG entry label Oct 23, 2025
@jj22ee jj22ee force-pushed the fix-pypi-release-v0.12.x branch from f828467 to 8c1093a Compare October 23, 2025 22:34
@jj22ee jj22ee changed the title Pin twine, hatchling, cargo-audit and rustfmt versions Pin twine, hatchling, cargo-audit versions Oct 23, 2025
@jj22ee jj22ee force-pushed the fix-pypi-release-v0.12.x branch from 8c1093a to 61d60a7 Compare October 23, 2025 22:38
@jj22ee jj22ee changed the title Pin twine, hatchling, cargo-audit versions Pin twine, hatchling, rust-image versions Oct 23, 2025
@jj22ee jj22ee changed the title Pin twine, hatchling, rust-image versions Pin twine, hatchling, rust-image, and cargo-audit versions Oct 23, 2025
@jj22ee jj22ee force-pushed the fix-pypi-release-v0.12.x branch from 61d60a7 to 4e7f42a Compare October 23, 2025 22:43
@jj22ee jj22ee changed the title Pin twine, hatchling, rust-image, and cargo-audit versions Pin twine, hatchling, and cargo-audit versions Oct 24, 2025
@jj22ee jj22ee mentioned this pull request Oct 24, 2025
Merged
thpierce
thpierce reviewed Oct 24, 2025
View reviewed changes
@jj22ee jj22ee changed the title Pin twine, hatchling, and cargo-audit versions Pin twine, hatchling versions and enforce usage of cargo.lock Oct 24, 2025
jj22ee added a commit that referenced this pull request Oct 24, 2025
@jj22ee
Pin twine, hatchling versions and enforce usage of cargo.lock (#514)
b1d5557 
*Issue #, if available:*
Same PR as
#513,
but merge to main.

*Description of changes:*


By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice.
@jj22ee jj22ee enabled auto-merge (squash) October 24, 2025 16:56
@jj22ee jj22ee merged commit 2b5718c into release/v0.12.x Oct 24, 2025
21 of 27 checks passed
@jj22ee jj22ee deleted the fix-pypi-release-v0.12.x branch October 24, 2025 16:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thpierce thpierce thpierce approved these changes

Assignees

No one assigned

Labels

skip changelog doesn't need a CHANGELOG entry

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jj22ee @thpierce