Skip to content

Restores pinned dependency versions for Rust#3844

Merged
brian-hussey merged 11 commits intomainfrom
build-witn-pinned-versions
Mar 26, 2026
Merged

Restores pinned dependency versions for Rust#3844
brian-hussey merged 11 commits intomainfrom
build-witn-pinned-versions

Conversation

@dima-zakharov
Copy link
Copy Markdown
Collaborator

@dima-zakharov dima-zakharov commented Mar 24, 2026

Pin libraries versions.

🔗 Related Issue

Pin rust libraries and maturin version as discussed in Slack

📝 Summary

Restores pinned dependency versions for Rust tooling and adds stub files for the Rust plugin infrastructure.

Changes

 - Pin maturin version in pyproject.toml to ensure reproducible builds
 - Restore Cargo.lock files for plugins_rust/ and tools_rust/mcp_runtime/ directories (4,275 lines)
 - Add Python stub file (__init__.pyi) for url_reputation_rust module to improve type hints
 - Cleanup: Remove redundant .gitignore entries that were excluding lock files

🏷️ Type of Change

  • Bug fix
  • Feature / Enhancement
  • Documentation
  • Refactor
  • Chore (deps, CI, tooling)
  • Other (describe below)

🧪 Verification

Check Command Status
Build make rust-build Ok
Unit tests make test Ok
Coverage ≥ 81% make coverage Ok

✅ Checklist

  • Code formatted (make black isort pre-commit)
  • Tests added/updated for changes
  • Documentation updated (if applicable)
  • No secrets or credentials committed

📓 Notes (optional)

Chore task no functionality changes.

@dima-zakharov
Restore cargo lock file
bbdde54 
Signed-off-by: Dmitry Zakharov <zakharov@ibm.com>
@dima-zakharov
pin maturin version
9da5e51 
Signed-off-by: Dmitry Zakharov <zakharov@ibm.com>
@dima-zakharov
stub file addtion
36f2196 
Signed-off-by: Dmitry Zakharov <zakharov@ibm.com>
@dima-zakharov
restore Cargo.lock files
a2350a0 
Signed-off-by: Dmitry Zakharov <zakharov@ibm.com>
@dima-zakharov
update stub files
82a3f9c 
Signed-off-by: Dmitry Zakharov <zakharov@ibm.com>
@github-actions

This comment was marked as outdated.

Sign in to view
@dima-zakharov
Follow suggestion of CI manifest check
47079eb 
Signed-off-by: Dmitry Zakharov <zakharov@ibm.com>
@dima-zakharov
Ugrade aws-lc-rs as found by CI CVE checks
b3e5a26 
Signed-off-by: Dmitry Zakharov <zakharov@ibm.com>
@dima-zakharov
Ugrade rustls-webpki as found by CI CVE checks
a80cc1e 
Signed-off-by: Dmitry Zakharov <zakharov@ibm.com>
@dima-zakharov
Remove before refactor layout Cargo.lock file
c43eb7b 
Signed-off-by: Dmitry Zakharov <zakharov@ibm.com>
dawid-nowak
dawid-nowak requested changes Mar 25, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@dawid-nowak dawid-nowak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we still need to add Cargo.lock files from rust_plugins/* to git , don't we?

lucarlig
lucarlig requested changes Mar 25, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@lucarlig lucarlig left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dima-zakharov fast-test-server still missing cargo.lock

@dima-zakharov
pin libs
f28774e 
Signed-off-by: Dima Zakharov <zakharov@ibm.com>
@lucarlig
Copy link
Copy Markdown
Collaborator

lucarlig commented Mar 25, 2026

do the local pyproject.toml in each rust plugin and any other pyo3 user also need to have pinned versions?

@dima-zakharov
Copy link
Copy Markdown
Collaborator Author

dima-zakharov commented Mar 25, 2026
edited
Loading

do the local pyproject.toml in each rust plugin and any other pyo3 user also need to have pinned versions?

I checked these files they do not specify any deps in them. So we can add the lock files, but we can use them as is.

@dima-zakharov dima-zakharov reopened this Mar 25, 2026
@dima-zakharov dima-zakharov requested review from dawid-nowak and sco3 and removed request for sco3 March 25, 2026 10:00
@dima-zakharov
Copy link
Copy Markdown
Collaborator Author

dima-zakharov commented Mar 26, 2026
edited
Loading

@brian-hussey Please review, the changes are very small, no code changes, just pinning the dependencies with .lock files and maturin version is specified in --dev section of main pyproject.toml. And try merge if you are happy, I am not allowed to merge this PR myself.

brian-hussey
brian-hussey approved these changes Mar 26, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@brian-hussey brian-hussey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me

@brian-hussey brian-hussey merged commit b36f3d0 into main Mar 26, 2026
40 checks passed
@brian-hussey brian-hussey deleted the build-witn-pinned-versions branch March 26, 2026 11:59
@brian-hussey
Copy link
Copy Markdown
Member

brian-hussey commented Mar 26, 2026

I applied Admin override to merge this PR after all checks passed and getting multiple PR reviews from the team.

brian-hussey pushed a commit that referenced this pull request Mar 26, 2026
@dima-zakharov @brian-hussey
Restores pinned dependency versions for Rust (#3844)
6c2b0bf 
* Restore cargo lock file

Signed-off-by: Dmitry Zakharov <zakharov@ibm.com>

* pin maturin version

Signed-off-by: Dmitry Zakharov <zakharov@ibm.com>

* stub file addtion

Signed-off-by: Dmitry Zakharov <zakharov@ibm.com>

* restore Cargo.lock files

Signed-off-by: Dmitry Zakharov <zakharov@ibm.com>

* update stub files

Signed-off-by: Dmitry Zakharov <zakharov@ibm.com>

* Follow suggestion of CI manifest check

Signed-off-by: Dmitry Zakharov <zakharov@ibm.com>

* Ugrade aws-lc-rs as found by CI CVE checks

Signed-off-by: Dmitry Zakharov <zakharov@ibm.com>

* Ugrade rustls-webpki  as found by CI CVE checks

Signed-off-by: Dmitry Zakharov <zakharov@ibm.com>

* Remove before refactor layout Cargo.lock file

Signed-off-by: Dmitry Zakharov <zakharov@ibm.com>

* pin libs

Signed-off-by: Dima Zakharov <zakharov@ibm.com>

---------

Signed-off-by: Dmitry Zakharov <zakharov@ibm.com>
Signed-off-by: Dima Zakharov <zakharov@ibm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lucarlig lucarlig lucarlig approved these changes

@dawid-nowak dawid-nowak dawid-nowak approved these changes

@brian-hussey brian-hussey brian-hussey approved these changes

@crivetimihai crivetimihai Awaiting requested review from crivetimihai crivetimihai is a code owner

+1 more reviewer

@sco3 sco3 sco3 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@dima-zakharov @lucarlig @brian-hussey @sco3 @dawid-nowak