Skip to content

py3-numpy-2.3/2.3.0 package update #57139

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
octo-sts wants to merge 1 commit into from
Closed

py3-numpy-2.3/2.3.0 package update #57139

octo-sts wants to merge 1 commit into from
+3 −3

Conversation

@octo-sts
Copy link
Contributor

@octo-sts octo-sts bot commented Jun 20, 2025

@octo-sts octo-sts bot added request-version-update request for a newer version of a package automated pr py3-numpy-2.3 labels Jun 20, 2025
@octo-sts
Copy link
Contributor Author

octo-sts bot commented Jun 20, 2025

🔄 Build Failed: Git Checkout Error

FAIL Expected commit 5f70dc85d16454c81b19c02a012ce08cca9fc28e for v2.3.0, found 0532af47d6a815298b7841de00bdbc547104b237

Build Details

Category Details
Build System git
Failure Point git checkout --quiet origin/tags/v2.3.0

Root Cause Analysis 🔍

The build is expecting a specific commit hash (5f70dc85d16454c81b19c02a012ce08cca9fc28e) for tag v2.3.0, but the actual commit hash found in the repository is different (0532af47d6a815298b7841de00bdbc547104b237). This mismatch is causing the git checkout operation to fail.

🔍 Build failure fix suggestions

Found similar build failures that have been fixed in the past and analyzed them to suggest a fix:

Similar PRs with fixes

Suggested Changes

File: py3-numpy-2.3.yaml

  • replace at line 56-57 (pipeline/git-checkout/expected-commit)
    Original:
      expected-commit: 5f70dc85d16454c81b19c02a012ce08cca9fc28e

Replacement:

      expected-commit: 0532af47d6a815298b7841de00bdbc547104b237
Click to expand fix analysis

Analysis

The build failure shows a git checkout issue with a mismatch between the expected commit hash (5f70dc85d16454c81b19c02a012ce08cca9fc28e) and the actual commit hash (0532af47d6a815298b7841de00bdbc547104b237) for tag v2.3.0. Looking at the similar fixed build failures, this is a common pattern when:

  1. The git tag in the repository points to a different commit than what was expected in the build configuration
  2. In some cases, the tag may point to a tag object rather than directly to a commit object
  3. The fix pattern across all examples is consistent: update the expected-commit hash in the git-checkout step to match the actual commit hash that the tag points to

This is a straightforward issue where the build system is correctly identifying that the expected commit doesn't match the actual commit, and the solution is to update the expected commit hash to match reality.

Click to expand fix explanation

Explanation

The fix updates the expected-commit hash in the git-checkout step to match the actual commit hash that the v2.3.0 tag points to in the repository.

The error occurs because the build system is trying to check out the v2.3.0 tag, but the commit hash it expects for that tag (5f70dc85d16454c81b19c02a012ce08cca9fc28e) is different from what actually exists in the repository (0532af47d6a815298b7841de00bdbc547104b237).

This type of mismatch can occur for several reasons:

  1. The upstream repository may have changed the tag to point to a different commit (force pushed a tag)
  2. The tag may have been originally created as an annotated tag that points to a tag object, which in turn points to the commit
  3. The original expected-commit value may have been a typo or taken from a different branch/tag

By updating the expected-commit hash to match the actual commit that the tag points to, we allow the build system to correctly verify the integrity of the checkout. This is exactly the pattern followed in all three example fixes, where they updated the expected-commit hash to match the actual commit hash found in the repository.

This fix is simple, safe, and doesn't require any architectural changes to the build system or package definition.

Click to expand alternative approaches

Alternative Approaches

  • An alternative approach would be to pin to the specific commit hash instead of using the tag, but this would make future updates harder to track since you'd lose the semantic versioning information provided by the tag.
  • Another approach could be to modify the git-checkout step to use the --force flag to ignore commit hash verification, but this would defeat the security purpose of verifying the expected commit hash, potentially allowing supply chain attacks.
  • For frequent tag changes, implementing a pre-build step that dynamically fetches the current commit hash for a tag could be considered, but this adds complexity and potential security risks.

Was this comment helpful? Please use 👍 or 👎 reactions on this comment.

@octo-sts octo-sts bot added the ai/skip-comment Stop AI from commenting on PR label Jun 20, 2025
@octo-sts octo-sts bot closed this Jun 20, 2025
@octo-sts
Copy link
Contributor Author

octo-sts bot commented Jun 20, 2025

superseded by #57165

@octo-sts octo-sts bot deleted the wolfictl-9a35d895-b3db-4340-80dd-82245a6fc99e branch June 21, 2025 00:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

ai/skip-comment Stop AI from commenting on PR automated pr py3-numpy-2.3 request-version-update request for a newer version of a package

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@wolfi-bot