revert(docker): pin images to 3.12 + stop Dependabot auto-merge#51
Merged
Conversation
Two coupled changes responding to an auto-merge incident. Revert to Python 3.12: A Dependabot auto-merge episode bumped the builder and mcp_server images to Python 3.14 (search-server was already 3.14). CI's test suite runs on 3.12, so the 3.14 images ran a Python version the suite never validated. Running the full suite on 3.14 manually surfaced a PythonFinalizationError from psycopg's connection pool at interpreter shutdown (3.14 made joining threads during finalization an error) — a regression the 3.12 suite doesn't show. Pin builder, search-server, and mcp_server back to 3.12. This also completes roadmap Feature 11 (search-server was the long-standing 3.14 outlier): all images now match CI's 3.12. Removed the resolved "Docker Python" row from the CLAUDE.md deviations table. Stop auto-merge: Remove .github/workflows/dependabot-auto-merge.yml. The auto-merge- everything policy landed that base-image version bump with no human review, and CI (testing on 3.12) could not catch the untested-runtime divergence. Dependabot still opens PRs (dependabot.yml coverage kept) and branch protection still requires the full check suite — but merges are now manual. Verified: search-server builds on 3.12 (Python 3.12.13); full suite passes on 3.12 (735 tests).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
Dependabot auto-merged a Python base-image bump (
3.12→3.14) across the builder and mcp_server images (search-server was already 3.14) with no human review. CI tests on 3.12, so the 3.14 images ran a Python version the suite never validated. Running the full suite on 3.14 manually surfaced aPythonFinalizationErrorfrom psycopg's connection pool at interpreter shutdown (3.14 made joining threads during finalization an error) — a regression the 3.12 suite doesn't show. 735 tests "pass" on 3.14, but with that noisy unclean-shutdown behavior per worker.What
1. Revert all images to Python 3.12
Dockerfile(builder)docker/search-server/Dockerfilemcp_server/Dockerfiledocker/leaderboard/DockerfileAll images now match CI's 3.12 — which also completes roadmap Feature 11 (search-server was the original 3.14 outlier). Updated F11 to Done and removed the resolved "Docker Python" row from CLAUDE.md's deviations table.
2. Stop Dependabot auto-merge
.github/workflows/dependabot-auto-merge.yml.allow_auto_mergesetting.dependabot.ymlcoverage (uv / search-server pip / docker / actions) andmainbranch protection (full required-check suite). So Dependabot still opens (grouped) PRs and they still must be green — but a human merges them now, so base-image and major bumps get reviewed.Not reverted
The other auto-merged Dependabot PRs are left in place (gunicorn 23→26 — boot-tested by the integration check, aiohttp, fetch-metadata, search-server patch group). Say the word if you want any of those rolled back too.
Verification
Python 3.12.13in the image)PythonFinalizationErroris gone