LCORE-1326: Updated Konflux dependencies

[tisnik]

Description

LCORE-1326: Updated Konflux dependencies

Type of change

• Refactor
• New feature
• Bug fix
• CVE fix
• Optimization
• Documentation Update
• Configuration Update
• Bump-up service version
• Bump-up dependent library
• Bump-up library or tool used for development (does not change the final image)
• CI configuration change
• Konflux configuration change
• Unit tests improvement
• Integration tests improvement
• End to end tests improvement
• Benchmarks improvement

Tools used to create PR

• Assisted-by: N/A
• Generated by: N/A

Related Tickets & Documents

• Related Issue #LCORE-1326

Summary by CodeRabbit

Release Notes

• Chores
  • Updated Python runtime version used for builds.
  • Updated dependency versions for improved compatibility and performance.
  • Modified build configuration and dependency specifications.

[coderabbitai]

Walkthrough

Dependencies and configuration files are updated to upgrade Python version from 3.12 to 3.13, remove charset-normalizer from Tekton prefetch lists, and update package versions (cachetools, google-auth) and hashes across requirements files.

Changes

Cohort / File(s)	Summary
Tekton Configuration .tekton/lightspeed-stack-pull-request.yaml, .tekton/lightspeed-stack-push.yaml	Reduced Python packages list in prefetch-input section and removed charset-normalizer from prefetch-pip dependency packages.
Requirements Files requirements-build.txt, requirements.hashes.source.txt, requirements.hashes.wheel.txt	Updated Python build version to 3.13; updated dependency versions for cachetools (7.0.3→7.0.4) and google-auth (2.48.0→2.49.0); modified charset-normalizer and googleapis-common-protos entries with updated versions and hashes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'LCORE-1326: Updated Konflux dependencies' accurately reflects the primary changes across all files—updating Python dependencies in Tekton/Konflux configuration files and requirements files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

requirements-build.txt (1)

99-112: ⚠️ Potential issue | 🔴 Critical

Remove duplicate setuptools version.

The file contains conflicting setuptools entries:

• setuptools==82.0.0 at line 99
• setuptools==82.0.1 at line 101

Remove line 99-100 and add charset-normalizer to the via dependencies of setuptools==82.0.1. This duplicate will cause pip/uv to fail during installation. Additionally, uv.lock only contains setuptools==82.0.0, creating further inconsistency that must be resolved once this is consolidated.

Proposed fix

 # The following packages are considered to be unsafe in a requirements file:
-setuptools==82.0.0
-    # via charset-normalizer
 setuptools==82.0.1
     # via
     #   authlib
     #   azure-identity
     #   blobfile
     #   cachetools
     #   calver
     #   certifi
+    #   charset-normalizer
     #   emoji
     #   google-api-core
     #   google-cloud-bigquery

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@requirements-build.txt` around lines 99 - 112, Remove the duplicate
setuptools entry by deleting the setuptools==82.0.0 lines and keep only
setuptools==82.0.1; update the comment/via block for setuptools==82.0.1 to
include charset-normalizer as one of the via dependencies, and then update
uv.lock to replace any remaining setuptools==82.0.0 entry with
setuptools==82.0.1 so the lockfile and requirements are consistent.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@requirements-build.txt`:
- Line 2: The requirements-build.txt has conflicting setuptools pins
(setuptools==82.0.0 and setuptools==82.0.1) and a Python version mismatch
between its header ("Python 3.13") and the Containerfile which uses Python 3.12
and pip3.12; regenerate the lockfile with pip-compile targeting the correct
Python version to remove duplicate setuptools entries (so only one setuptools
version remains) and ensure the header matches the runtime (either regenerate
requirements-build.txt for Python 3.12 to match the Containerfile/pip3.12, or
update the Containerfile to use Python 3.13 and then regenerate), then verify
the resulting file no longer contains both setuptools pins and that the Python
version in the generated header matches the container/runtime tooling.

---

Outside diff comments:
In `@requirements-build.txt`:
- Around line 99-112: Remove the duplicate setuptools entry by deleting the
setuptools==82.0.0 lines and keep only setuptools==82.0.1; update the
comment/via block for setuptools==82.0.1 to include charset-normalizer as one of
the via dependencies, and then update uv.lock to replace any remaining
setuptools==82.0.0 entry with setuptools==82.0.1 so the lockfile and
requirements are consistent.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 170cb2ec-5334-4a75-beb4-60aaf54fd2dc

📥 Commits

Reviewing files that changed from the base of the PR and between e73778a and d2ddba0.

📒 Files selected for processing (5)

• .tekton/lightspeed-stack-pull-request.yaml
• .tekton/lightspeed-stack-push.yaml
• requirements-build.txt
• requirements.hashes.source.txt
• requirements.hashes.wheel.txt

💤 Files with no reviewable changes (1)

• requirements.hashes.wheel.txt

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check Python version references in Containerfile
echo "=== Containerfile Python references ==="
grep -n "python" Containerfile | head -20

Repository: lightspeed-core/lightspeed-stack

Length of output: 672

---

🏁 Script executed:

#!/bin/bash
# Check the size and first few lines of requirements-build.txt
echo "=== requirements-build.txt header and length ==="
wc -l requirements-build.txt
head -10 requirements-build.txt

# Check if there are any Python version markers or constraints
echo -e "\n=== Python version markers or constraints ==="
grep -i "python" requirements-build.txt | head -10

Repository: lightspeed-core/lightspeed-stack

Length of output: 558

---

🏁 Script executed:

#!/bin/bash
# Check for environment markers or Python version constraints
echo "=== Dependencies with environment markers ==="
grep -E "python_version|sys_platform|platform_machine" requirements-build.txt

# Check if all dependencies are compatible with both 3.12 and 3.13
echo -e "\n=== All dependencies listed ==="
grep -v "^#" requirements-build.txt | grep -v "^$" | head -30

# Check if there are any comments indicating Python 3.13 specific content
echo -e "\n=== Lines mentioning 3.13 or version-specific content ==="
grep -i "3\.13\|3\.12\|version" requirements-build.txt

Repository: lightspeed-core/lightspeed-stack

Length of output: 1033

---

🏁 Script executed:

#!/bin/bash
# Check for duplicate package entries
echo "=== Check for duplicate setuptools entries ==="
grep "^setuptools==" requirements-build.txt -n

# Check all packages to see if any are duplicated
echo -e "\n=== Check for any duplicate package entries ==="
grep "^[a-z]" requirements-build.txt | awk '{print $1}' | sort | uniq -d

# Get more context around the setuptools entries if they exist
echo -e "\n=== Full context around setuptools entries ==="
grep -n "setuptools" requirements-build.txt

Repository: lightspeed-core/lightspeed-stack

Length of output: 498

---

🏁 Script executed:

#!/bin/bash
# Get detailed context around the duplicate setuptools entries
echo "=== Context around setuptools==82.0.0 (lines 95-105) ==="
sed -n '95,105p' requirements-build.txt

echo -e "\n=== Context around setuptools==82.0.1 (lines 99-110) ==="
sed -n '99,110p' requirements-build.txt

Repository: lightspeed-core/lightspeed-stack

Length of output: 668

---

Fix duplicate setuptools entries and resolve Python version mismatch.

This file contains two critical issues:

1. Duplicate setuptools entries (lines 99 and 101): setuptools==82.0.0 and setuptools==82.0.1 cannot both be installed. This will cause build failures. Regenerate this file to resolve the conflicting dependency versions.

2. Python version mismatch: The header indicates Python 3.13, but the Containerfile uses Python 3.12 base images (lines 2, 4) and explicitly calls pip3.12 (line 104). Regenerate this file with Python 3.12, or update the Containerfile to use Python 3.13.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@requirements-build.txt` at line 2, The requirements-build.txt has conflicting
setuptools pins (setuptools==82.0.0 and setuptools==82.0.1) and a Python version
mismatch between its header ("Python 3.13") and the Containerfile which uses
Python 3.12 and pip3.12; regenerate the lockfile with pip-compile targeting the
correct Python version to remove duplicate setuptools entries (so only one
setuptools version remains) and ensure the header matches the runtime (either
regenerate requirements-build.txt for Python 3.12 to match the
Containerfile/pip3.12, or update the Containerfile to use Python 3.13 and then
regenerate), then verify the resulting file no longer contains both setuptools
pins and that the Python version in the generated header matches the
container/runtime tooling.