From 1e572ba5cc80753d543af338a16cd9fa8f747907 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=F0=9F=87=BA=F0=9F=87=A6=20Sviatoslav=20Sydorenko=20=28?=
 =?UTF-8?q?=D0=A1=D0=B2=D1=8F=D1=82=D0=BE=D1=81=D0=BB=D0=B0=D0=B2=20=D0=A1?=
 =?UTF-8?q?=D0=B8=D0=B4=D0=BE=D1=80=D0=B5=D0=BD=D0=BA=D0=BE=29?=
 <webknjaz@redhat.com>
Date: Tue, 23 Sep 2025 15:07:00 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=A7=AA=20Pin=20codecov-cli=20deptree=20us?=
 =?UTF-8?q?ed=20in=20AZP?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

PR #85888

`codecov-cli == 11.0.3` allows `click == 8.3.0` in its deps but the latter causes commit auto-discovery breakage in the former. With https://github.com/getsentry/prevent-cli/pull/95, `codecov-cli == 11.2.3` excludes this version so this patch updates the requirement to that.

To prevent this from happening again, the change also makes use of a pip constraint file that pins the entire dependency tree to concrete versions. The constraint file is managed by `pip-tools`.

Refs:
* https://github.com/getsentry/prevent-cli/pull/95
* https://github.com/pallets/click/issues/3066

ci_coverage
ci_complete
---
 .../scripts/dependencies/.pip-tools.toml      |  6 ++++++
 .../scripts/dependencies/codecov.in           |  1 +
 .../scripts/dependencies/codecov.txt          | 18 ++++++++++++++++++
 .azure-pipelines/scripts/publish-codecov.py   | 19 ++++++++++++++++---
 4 files changed, 41 insertions(+), 3 deletions(-)
 create mode 100644 .azure-pipelines/scripts/dependencies/.pip-tools.toml
 create mode 100644 .azure-pipelines/scripts/dependencies/codecov.in
 create mode 100644 .azure-pipelines/scripts/dependencies/codecov.txt

diff --git a/.azure-pipelines/scripts/dependencies/.pip-tools.toml b/.azure-pipelines/scripts/dependencies/.pip-tools.toml
new file mode 100644
index 00000000000..20558ff7478
--- /dev/null
+++ b/.azure-pipelines/scripts/dependencies/.pip-tools.toml
@@ -0,0 +1,6 @@
+[tool.pip-tools]
+allow-unsafe = true  # weird outdated default
+annotation-style = "line"  # put the source tracking comments inline
+generate-hashes = false  # pip bug https://github.com/pypa/pip/issues/9243
+resolver = "backtracking"  # modern depresolver
+strip-extras = true  # so that output files are true pip constraints
diff --git a/.azure-pipelines/scripts/dependencies/codecov.in b/.azure-pipelines/scripts/dependencies/codecov.in
new file mode 100644
index 00000000000..11750996445
--- /dev/null
+++ b/.azure-pipelines/scripts/dependencies/codecov.in
@@ -0,0 +1 @@
+codecov-cli
diff --git a/.azure-pipelines/scripts/dependencies/codecov.txt b/.azure-pipelines/scripts/dependencies/codecov.txt
new file mode 100644
index 00000000000..9012189437f
--- /dev/null
+++ b/.azure-pipelines/scripts/dependencies/codecov.txt
@@ -0,0 +1,18 @@
+#
+# This file is autogenerated by pip-compile with Python 3.13
+# by the following command:
+#
+#    pip-compile --allow-unsafe --annotation-style=line --output-file=codecov.txt --strip-extras codecov.in
+#
+certifi==2025.8.3         # via requests, sentry-sdk
+charset-normalizer==3.4.3  # via requests
+click==8.2.1              # via codecov-cli
+codecov-cli==11.2.3       # via -r codecov.in
+idna==3.10                # via requests
+ijson==3.4.0              # via codecov-cli
+pyyaml==6.0.2             # via codecov-cli
+requests==2.32.5          # via responses
+responses==0.21.0         # via codecov-cli
+sentry-sdk==2.38.0        # via codecov-cli
+test-results-parser==0.5.4  # via codecov-cli
+urllib3==2.5.0            # via requests, responses, sentry-sdk
diff --git a/.azure-pipelines/scripts/publish-codecov.py b/.azure-pipelines/scripts/publish-codecov.py
index 8a15822b0e8..e4e2303889c 100755
--- a/.azure-pipelines/scripts/publish-codecov.py
+++ b/.azure-pipelines/scripts/publish-codecov.py
@@ -16,6 +16,10 @@ import typing as t
 import venv
 
 
+SCRIPTS_DIR = pathlib.Path(__file__).parent.resolve()
+DEPS_DIR = SCRIPTS_DIR / 'dependencies'
+
+
 @dataclasses.dataclass(frozen=True)
 class CoverageFile:
     name: str
@@ -50,8 +54,9 @@ def run(*args: str | pathlib.Path) -> None:
 
 
 def install_codecov(dest: pathlib.Path) -> pathlib.Path:
-    package = 'codecov-cli'
-    version = '11.0.3'
+    """Populate a transitively pinned venv with ``codecov-cli``."""
+    requirement_file = DEPS_DIR / 'codecov.in'
+    constraint_file = requirement_file.with_suffix('.txt')
 
     venv_dir = dest / 'venv'
     python_bin = venv_dir / 'bin' / 'python'
@@ -59,7 +64,15 @@ def install_codecov(dest: pathlib.Path) -> pathlib.Path:
 
     venv.create(venv_dir, with_pip=True)
 
-    run(python_bin, '-m', 'pip', 'install', f'{package}=={version}', '--disable-pip-version-check')
+    run(
+        python_bin,
+        '-m',
+        'pip',
+        'install',
+        f'--constraint={constraint_file!s}',
+        f'--requirement={requirement_file!s}',
+        '--disable-pip-version-check',
+    )
 
     return codecov_bin