Upstream fragility and narrow dependency

[whisper67265]

Close #130, close #132.

Summary by CodeRabbit

• New Features
  • Added a Weblate pin-bump pre-check that verifies internal API contracts against the latest upstream release before updating dependencies.
• Bug Fixes
  • Improved release automation to detect the pinned Weblate version across a broader set of pyproject.toml dependency formats.
  • Updated pin-sync/release error reporting to reference the resolved Weblate[postgres]==<version> pin format.
• Tests
  • Added contract tests that validate key Weblate internals used by the project.
• Chores
  • Switched runtime Weblate extras from Weblate[all] to Weblate[postgres] and updated the changelog/workflows to match.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 810995b0-9831-493b-81b9-250566d9520d

📥 Commits

Reviewing files that changed from the base of the PR and between f298036 and 4769698.

📒 Files selected for processing (3)

• .github/WORKFLOWS.md
• scripts/check-weblate-internal-contract.sh
• tests/test_weblate_internal_contract.py

✅ Files skipped from review due to trivial changes (1)

• .github/WORKFLOWS.md

🚧 Files skipped from review as they are similar to previous changes (2)

• tests/test_weblate_internal_contract.py
• scripts/check-weblate-internal-contract.sh

---

📝 Walkthrough

Walkthrough

The PR switches the Weblate pin to Weblate[postgres], broadens pin parsing and rewrite logic, adds a latest-release contract check script and workflow gate, and adds pytest contract tests plus marker configuration.

Changes

Weblate pin handling and release parsing

Layer / File(s)	Summary
Pin parsing and rewrite updates pyproject.toml, .github/workflows/release.yml, scripts/bump-weblate-version.sh, scripts/check-weblate-pin-sync.sh, scripts/weblate-version-map.sh, CHANGELOG.md	Weblate[all] is replaced with Weblate[postgres], and the release, bump, sync, and version-map logic now accepts general Weblate...==... pins; the changelog records the dependency change.
Contract tests and marker wiring pyproject.toml, tests/test_weblate_internal_contract.py	Pytest adds the weblate_contract marker and excludes it by default, while the new test module checks Weblate formats parsing, plugin formats output, and URL routing layout.
Contract check workflow and script scripts/check-weblate-internal-contract.sh, .github/workflows/weblate-pin-bump.yml, .github/WORKFLOWS.md	A new script resolves and installs the latest PyPI Weblate release, runs the contract tests, and the pin-bump workflow waits on that job before committing the bump; the workflow table entry is updated.

Sequence Diagram(s)

sequenceDiagram
  participant W as .github/workflows/weblate-pin-bump.yml
  participant S as scripts/check-weblate-internal-contract.sh
  participant U as uv
  participant P as PyPI
  participant Py as pytest
  participant T as tests/test_weblate_internal_contract.py

  W->>S: start contract-latest with --latest
  S->>U: query PyPI JSON for latest Weblate release
  U->>P: fetch release list
  S->>U: install Weblate[postgres]==<latest>
  S->>Py: run pytest -m weblate_contract
  Py->>T: execute contract tests
  Py-->>S: exit status
  S-->>W: pass or fail

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• cppalliance/cppa-weblate-plugin#89: Touches the same Weblate pin-bump workflow and version scripts, with overlapping pin handling and workflow wiring.
• cppalliance/cppa-weblate-plugin#88: Updates .github/workflows/release.yml version parsing for Weblate pins, which is the same workflow step modified here.

Suggested reviewers

• henry0816191
• wpak-ai

Poem

A rabbit hopped through pins and tests,
and sniffed out Weblate’s freshest zest.
With postgres crumbs and contract cheer,
the workflow thumped, “all clear, all clear!” 🐇

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title is concise and clearly points to the upstream fragility/dependency theme of the PR.
Linked Issues check	✅ Passed	The new contract job, --latest script mode, and pytest marker exclusions satisfy #130's acceptance criteria.
Out of Scope Changes check	✅ Passed	The additional workflow, script, docs, and dependency pin updates all support the Weblate contract-bump flow.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

scripts/check-weblate-internal-contract.sh (1)

59-60: 🩺 Stability & Availability | 🔵 Trivial | ⚡ Quick win

Add a timeout to the PyPI request.

urllib.request.urlopen without a timeout can hang indefinitely if PyPI is unresponsive, stalling the workflow until the job-level timeout. Pass an explicit timeout.

🔧 Proposed fix

-with urllib.request.urlopen("https://pypi.org/pypi/Weblate/json") as resp:
+with urllib.request.urlopen("https://pypi.org/pypi/Weblate/json", timeout=30) as resp:
     data = json.load(resp)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/check-weblate-internal-contract.sh` around lines 59 - 60, The PyPI
fetch in check-weblate-internal-contract.sh can hang indefinitely because
urllib.request.urlopen is called without a timeout. Update the request in the
Weblate JSON loading block to pass an explicit timeout value through urlopen so
the workflow fails fast if PyPI is unresponsive. Keep the change localized to
the urllib.request.urlopen/json.load flow used for the Weblate package lookup.

tests/test_weblate_internal_contract.py (1)

60-71: 🎯 Functional Correctness | 🔵 Trivial | 💤 Low value

Reorder the tuple-type check before the emptiness check.

if not formats would also be True if formats is None or a non-tuple falsy value, surfacing the "empty tuple" message for a type-contract break. Checking isinstance(..., tuple) first yields a clearer diagnostic for the actual contract violation.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/test_weblate_internal_contract.py` around lines 60 - 71, The contract
check in weblate_formats_with_plugin_formats() is validating tuple emptiness
before confirming the value is actually a tuple, which can mask type-contract
failures with an “empty tuple” message. In the test_weblate_internal_contract
assertion block, move the isinstance(formats, tuple) check ahead of the if not
formats check so non-tuple or None values fail with the correct type diagnostic
first, then keep the empty-tuple assertion afterward.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/WORKFLOWS.md:
- Line 25: The “Weblate version pinning” table still shows the wrong example
package pin; update the `pyproject.toml` example entry to match the current pin
used by the repo. Locate the table row in `.github/WORKFLOWS.md` and change the
`Weblate[all]==2026.5` example to `Weblate[postgres]==2026.5` so the documented
example aligns with the actual pin.

---

Nitpick comments:
In `@scripts/check-weblate-internal-contract.sh`:
- Around line 59-60: The PyPI fetch in check-weblate-internal-contract.sh can
hang indefinitely because urllib.request.urlopen is called without a timeout.
Update the request in the Weblate JSON loading block to pass an explicit timeout
value through urlopen so the workflow fails fast if PyPI is unresponsive. Keep
the change localized to the urllib.request.urlopen/json.load flow used for the
Weblate package lookup.

In `@tests/test_weblate_internal_contract.py`:
- Around line 60-71: The contract check in weblate_formats_with_plugin_formats()
is validating tuple emptiness before confirming the value is actually a tuple,
which can mask type-contract failures with an “empty tuple” message. In the
test_weblate_internal_contract assertion block, move the isinstance(formats,
tuple) check ahead of the if not formats check so non-tuple or None values fail
with the correct type diagnostic first, then keep the empty-tuple assertion
afterward.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e9d38824-b113-46ec-978a-27ef438dc80f

📥 Commits

Reviewing files that changed from the base of the PR and between 07ca2ca and f298036.

⛔ Files ignored due to path filters (1)

• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (10)

• .github/WORKFLOWS.md
• .github/workflows/release.yml
• .github/workflows/weblate-pin-bump.yml
• CHANGELOG.md
• pyproject.toml
• scripts/bump-weblate-version.sh
• scripts/check-weblate-internal-contract.sh
• scripts/check-weblate-pin-sync.sh
• scripts/weblate-version-map.sh
• tests/test_weblate_internal_contract.py