🧪 Pin codecov-cli deptree used in AZP

PR #85888 `codecov-cli == 11.0.3` allows `click == 8.3.0` in its deps but the latter causes commit auto-discovery breakage in the former. With https://github.com/getsentry/prevent-cli/pull/95, `codecov-cli == 11.2.3` excludes this version so this patch updates the requirement to that. To prevent this from happening again, the change also makes use of a pip constraint file that pins the entire dependency tree to concrete versions. The constraint file is managed by `pip-tools`. Refs: * https://github.com/getsentry/prevent-cli/pull/95 * https://github.com/pallets/click/issues/3066 ci_coverage ci_complete
2 months ago · 1e572ba5cc
parent 58bad71859
commit 1e572ba5cc
4 changed files with 41 additions and 3 deletions
--- a/.azure-pipelines/scripts/dependencies/.pip-tools.toml
+++ b/.azure-pipelines/scripts/dependencies/.pip-tools.toml
@ -0,0 +1,6 @@
 [tool.pip-tools]
 allow-unsafe = true  # weird outdated default
 annotation-style = "line"  # put the source tracking comments inline
 generate-hashes = false  # pip bug https://github.com/pypa/pip/issues/9243
 resolver = "backtracking"  # modern depresolver
 strip-extras = true  # so that output files are true pip constraints
--- a/.azure-pipelines/scripts/dependencies/codecov.in
+++ b/.azure-pipelines/scripts/dependencies/codecov.in
@ -0,0 +1 @@
 codecov-cli
--- a/.azure-pipelines/scripts/dependencies/codecov.txt
+++ b/.azure-pipelines/scripts/dependencies/codecov.txt
@ -0,0 +1,18 @@
 #
 # This file is autogenerated by pip-compile with Python 3.13
 # by the following command:
 #
 #    pip-compile --allow-unsafe --annotation-style=line --output-file=codecov.txt --strip-extras codecov.in
 #
 certifi==2025.8.3         # via requests, sentry-sdk
 charset-normalizer==3.4.3  # via requests
 click==8.2.1              # via codecov-cli
 codecov-cli==11.2.3       # via -r codecov.in
 idna==3.10                # via requests
 ijson==3.4.0              # via codecov-cli
 pyyaml==6.0.2             # via codecov-cli
 requests==2.32.5          # via responses
 responses==0.21.0         # via codecov-cli
 sentry-sdk==2.38.0        # via codecov-cli
 test-results-parser==0.5.4  # via codecov-cli
 urllib3==2.5.0            # via requests, responses, sentry-sdk
--- a/.azure-pipelines/scripts/publish-codecov.py
+++ b/.azure-pipelines/scripts/publish-codecov.py
@ -16,6 +16,10 @@ import typing as t
 import venv
 SCRIPTS_DIR = pathlib.Path(__file__).parent.resolve()
 DEPS_DIR = SCRIPTS_DIR / 'dependencies'
@dataclasses.dataclass(frozen=True)
 class CoverageFile:
    name: str
@ -50,8 +54,9 @@ def run(*args: str | pathlib.Path) -> None:
 def install_codecov(dest: pathlib.Path) -> pathlib.Path:
-    package = 'codecov-cli'
+    """Populate a transitively pinned venv with ``codecov-cli``."""
-    version = '11.0.3'
+    requirement_file = DEPS_DIR / 'codecov.in'
    constraint_file = requirement_file.with_suffix('.txt')
    venv_dir = dest / 'venv'
    python_bin = venv_dir / 'bin' / 'python'
@ -59,7 +64,15 @@ def install_codecov(dest: pathlib.Path) -> pathlib.Path:
    venv.create(venv_dir, with_pip=True)
-    run(python_bin, '-m', 'pip', 'install', f'{package}=={version}', '--disable-pip-version-check')
+    run(
        python_bin,
        '-m',
        'pip',
        'install',
        f'--constraint={constraint_file!s}',
        f'--requirement={requirement_file!s}',
        '--disable-pip-version-check',
    )
    return codecov_bin