Blinding dependencies as core: Smokescreen fork pin, sacc, cryptography; Python floor 3.12#243
Draft
cailmdaley wants to merge 1 commit into
Draft
Blinding dependencies as core: Smokescreen fork pin, sacc, cryptography; Python floor 3.12#243cailmdaley wants to merge 1 commit into
cailmdaley wants to merge 1 commit into
Conversation
…); py3.12 floor The blinding dependencies are core runtime dependencies — no optional extra. The Smokescreen install identity is the UNIONS-WL fork pinned by SHA on its packaging branch (declares pyccl, lazy theory-backend imports, so the closure is CCL-only); the pin will be swapped to the fork's release tag once the fork packaging PRs merge. sacc>=0.12 and cryptography are declared explicitly; pyccl was already core. requires-python rises 3.11 -> 3.12 (Smokescreen requires >=3.12); ruff target-version follows to py312. uv.lock regenerated: fork ref resolved, no firecrown and no numpy ceiling anywhere in the graph. deploy-image CI gains an `import smokescreen` step against the freshly built image; the Dockerfile is unchanged (core closure installs via the existing line). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01KpaRHk3QwN13myduQ3hJyf
1d4826c to
bd15a0b
Compare
cailmdaley
added a commit
that referenced
this pull request
Jul 11, 2026
…ll image from lock (#266) * felt: fork-implementation — #243 green, #253 rework under fix; fork PRs reviewed Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01KpaRHk3QwN13myduQ3hJyf * felt: fork-implementation — constitution absorbs #241 re-rulings (one-file layout, per-part blinding at birth) Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01KpaRHk3QwN13myduQ3hJyf * deps: declare cosmo_numba + numba, adopt committed uv.lock, install image from lock Make sp_validation's environment reproducible so an image build can never re-resolve numpy past numba's ceiling — the drift that silently upgraded numpy to 2.5 and broke numba/ngmix. - Declare cosmo-numba (aguinot/cosmo-numba@main; not on PyPI) — the numba B-mode kernels b_modes.py imports. main carries numpy-2 FFT support via its rocket-fft dep and declares its own deps, so numba's numpy window reaches the resolver. Also pin numba directly: the one load-bearing constraint, made visible and resilient to cosmo-numba's dep metadata (which has emptied out between refs). - Declare the other imported-but-undeclared deps the audit found: matplotlib, pandas, pyyaml (core, src/); fitsio (glass extra); a new `workflow` extra for snakemake + mpi4py. cv_runner and unions_wl left undeclared (no resolvable source) with a NOTE. - requires-python and ruff target -> 3.12 (the container's Python; cosmo-numba's floor). - Commit uv.lock (un-ignored) as the SSOT; scope it to Linux via [tool.uv]. numpy resolves to 2.4.6, inside numba 0.66's <2.5 window. - Dockerfile installs from the lock: `uv sync --frozen --inexact` into the base image's /app/.venv (--inexact keeps the ShapePipe stack). Drops the ad-hoc snakemake layer and the cs_util `--upgrade` workaround — the lock pins cs_util 0.2.2 (with cs_util.size), decoupling us from the base image's cs_util. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Vtw1qcgTrQ6YuMvxwYzNup * felt: uv-lock-cosmo-numba — @main resolution, install model, cosmo-numba gotcha finding Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Vtw1qcgTrQ6YuMvxwYzNup * test: don't load base image's stale pytest-pydocstyle/pycodestyle plugins uv sync installs a newer pytest than the base ShapePipe image's pytest-pydocstyle/pytest-pycodestyle (>=2.4) expect; their pytest_collect_file hooks use the removed `path` arg and crash collection. sp_validation lints with ruff, so disable both via addopts (`-p no:`). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Vtw1qcgTrQ6YuMvxwYzNup --------- Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Makes the blinding dependencies installable and reproducible as core runtime dependencies of sp_validation. Blinding the tomographic data vector needs Smokescreen with its CCL theory backend; with firecrown out of the picture the closure is small (Smokescreen fork +
cryptography+sacc;pycclalready core), so it lives in the base install — there is no[blinding]extra.Closes #242.
What this PR declares
smokescreen @ git+https://github.com/UNIONS-WL/Smokescreen@588a6b9The fork at this ref declares
pycclin its metadata and imports its theory backends lazily, so a clean install is CCL-only — no firecrown anywhere in the resolved graph, and no numpy ceiling. Nothing is published to PyPI; the fork ships as a git pin only.Provisional pin: the SHA points at the fork's packaging branch. Once the fork packaging PRs merge and a release tag is cut, this pin will be updated to the tag (same content, stable name) before merge.
sacc>=0.12andcryptographyare declared explicitly in coredependencies, so the runtime closure is self-documenting and independent of fork-metadata drift.requires-pythonrises>=3.11→>=3.12(Smokescreen requires 3.12); rufftarget-versionfollows topy312. This drops Python 3.11 support for the package — safe against the container base (python:3.12-slim-bookwormviashapepipe:develop) and CI, which runs only inside that image; no known consumer runs 3.11.Container and CI
uv pip install -e '.[test,glass]'line installs it.deploy-image.ymlgains one step: animport smokescreencheck against the freshly built image, next to the existingimport sp_validationsmoke test and the fast test suite, all of which gate publication.Verified
On Python 3.12, a fresh
uv venv+uv pip install -e .resolves without firecrown and without any numpy upper bound (numpy 2.5.1 lands), andimport smokescreensucceeds in the installed environment.uv lockresolves the fork ref cleanly (254 packages; zerofirecrown, zeronumpy<markers).uv.lockstays untracked per this repo's.gitignore.🤖 Generated with Claude Code
https://claude.ai/code/session_01KpaRHk3QwN13myduQ3hJyf