Fixing Detection of Unpinned Dependencies for DDEV Validate DEP

[ddog-nasirthomas]

What does this PR do?

Fixes ddev validate dep so unpinned dependencies are not flagged for integrations-extras and marketplace repos as errors. Unpinned dependencies should only be flagged for integrations-core.

An example of a dependency that got flagged before as unpinned for the marketplace repo:

Unpinned version found for dependency `boto3`: crest_data_systems_integration_backup_and_restore_tool
Dependency boto3 found in the crest_data_systems_integration_backup_and_restore_tool integration requirements but not in the agent requirements, run `ddev dep freeze` to sync them.

[project.optional-dependencies]
deps = [
"azure-storage-blob>=12.14.1",
"google-cloud-storage>=2.7.0",
"boto3",
"botocore",
"paramiko",
"PySocks",
]

In integrations-extras and marketplace, integrations are distributed/managed differently, and many deps (especially optional ones) are not expected to be frozen into Agent requirements.

Motivation

AI-6341

Review checklist (to be filled by reviewers)

• Feature or bugfix MUST have appropriate tests (unit, integration, e2e)
• Add the qa/skip-qa label if the PR doesn't need to be tested during QA.
• If you need to backport this PR to another branch, you can add the backport/<branch-name> label to the PR and it will automatically open a backport PR once this one is merged

[datadog-datadog-prod-us1]

🎉 All green!

❄️ No new flaky tests detected
🧪 All tests passed

🎯 Code Coverage (details)
• Patch Coverage: 100.00%
• Overall Coverage: 78.51% (-8.67%)

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 7a7e1fd | Docs | Datadog PR Page | Give us feedback!}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 88.94%. Comparing base (fd79c30) to head (7a7e1fd).
⚠️ Report is 6 commits behind head on master.

Additional details and impacted files

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 009ff5a2da

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Detect core mode from CLI repo choice, not repo object name

Compute repo_core from ctx.obj.repo.name misclassifies ddev -x runs inside integrations-core as non-core, because Application.set_repo(..., here=True) sets the repo name to local; this silently disables pinning and agent-sync validations that should still run for core checkouts. It can also break the legacy standalone CLI path where ctx.obj is a dict (tooling/cli.py), not an object with .repo, causing an attribute error instead of validating dependencies.

Useful? React with 👍 / 👎.

[dd-octo-sts]

⚠️ Recommendation: Add qa/skip-qa label

This PR does not modify any files shipped with the agent.

To help streamline the release process, please consider adding the qa/skip-qa label if these changes do not require QA testing.

[dd-octo-sts]

Validation Report

All 20 validations passed.

Show details

Validation	Description	Status
agent-reqs	Verify check versions match the Agent requirements file	✅
ci	Validate CI configuration and Codecov settings	✅
codeowners	Validate every integration has a CODEOWNERS entry	✅
config	Validate default configuration files against spec.yaml	✅
dep	Verify dependency pins are consistent and Agent-compatible	✅
http	Validate integrations use the HTTP wrapper correctly	✅
imports	Validate check imports do not use deprecated modules	✅
integration-style	Validate check code style conventions	✅
jmx-metrics	Validate JMX metrics definition files and config	✅
labeler	Validate PR labeler config matches integration directories	✅
legacy-signature	Validate no integration uses the legacy Agent check signature	✅
license-headers	Validate Python files have proper license headers	✅
licenses	Validate third-party license attribution list	✅
metadata	Validate metadata.csv metric definitions	✅
models	Validate configuration data models match spec.yaml	✅
openmetrics	Validate OpenMetrics integrations disable the metric limit	✅
package	Validate Python package metadata and naming	✅
readmes	Validate README files have required sections	✅
saved-views	Validate saved view JSON file structure and fields	✅
version	Validate version consistency between package and changelog	✅

View full run