ci: update pytest-codspeed to 4.2.0 to fix installation issues

[bellini666]

Summary

• Fixes pytest-codspeed installation bug: Version 4.1.0 had a symlink loop in instrument-hooks/example that caused "File name too long" errors during poetry install on macOS
• Updates CI workflow: Switched from token-based authentication to OIDC (more secure, no secrets to manage) and updated CodSpeed action to v4 with simulation mode

Changes

• pyproject.toml: Bump pytest-codspeed from >=3.0.0 to >=4.2.0
• poetry.lock: Updated to pytest-codspeed 4.2.0
• .github/workflows/test.yml:
  • Added permissions: contents: read, id-token: write for OIDC auth
  • Updated CodSpeedHQ/action from v4.1.1 to v4
  • Removed token: ${{ secrets.CODSPEED_TOKEN }} (OIDC handles auth)
  • Changed mode: instrumentation to mode: simulation

Testing

• All 29 benchmark tests pass locally
• Poetry install completes without errors

Summary by Sourcery

Update benchmarking tooling and CI configuration to resolve pytest-codspeed installation issues and modernize CodSpeed integration.

Bug Fixes:

• Resolve macOS installation failures by upgrading pytest-codspeed to version 4.2.0 in the development dependencies.

Enhancements:

• Refresh CodSpeed GitHub Action usage by moving to the v4 tag and running benchmarks in simulation mode instead of instrumentation.

CI:

• Grant GitHub Actions OIDC permissions for the test workflow and remove the need for a CodSpeed secret token-based authentication.

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Updates pytest-codspeed to 4.2.0 to fix a macOS installation bug and adjusts the CI benchmark workflow to use the newer CodSpeed GitHub Action with OIDC-based authentication and simulation mode.

File-Level Changes

Change	Details	Files
Bump pytest-codspeed development dependency to a version that fixes the symlink loop installation issue and update the lockfile accordingly.	Increase pytest-codspeed version constraint from ">=3.0.0" to ">=4.2.0" in the dev dependencies list. Regenerate poetry.lock so that pytest-codspeed is locked to 4.2.0 and dependencies are consistent.	pyproject.toml poetry.lock
Migrate the CodSpeed CI benchmark job to the latest action version using OIDC authentication and simulation mode.	Add workflow permissions block granting read access to contents and write access to id-token for OIDC. Upgrade CodSpeedHQ/action from v4.1.1 to v4 in the benchmark step. Remove the explicit CodSpeed token input so authentication relies on GitHub OIDC instead of a stored secret. Switch CodSpeed run mode from instrumentation to simulation while keeping the pytest invocation the same.	.github/workflows/test.yml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey there - I've reviewed your changes and they look great!

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[botberry]

Hi, thanks for contributing to Strawberry 🍓!

We noticed that this PR is missing a RELEASE.md file. We use that to automatically do releases here on GitHub and, most importantly, to PyPI!

So as soon as this PR is merged, a release will be made 🚀.

Here's an example of RELEASE.md:

Release type: patch

Description of the changes, ideally with some examples, if adding a new feature.

Release type can be one of patch, minor or major. We use semver, so make sure to pick the appropriate type. If in doubt feel free to ask :)

Here's the tweet text:

🆕 Release (next) is out! Thanks to @_bellini666 for the PR 👏

Get it here 👉 https://strawberry.rocks/release/(next)

[greptile-apps]

Greptile Overview

Greptile Summary

This PR fixes pytest-codspeed installation issues by bumping from >=3.0.0 to >=4.2.0, addressing a symlink loop bug in v4.1.0 that caused "File name too long" errors during poetry install on macOS.

• Updated pytest-codspeed dependency to 4.2.0 which fixes the instrument-hooks/example symlink loop issue
• Switched CI from token-based authentication to OIDC for improved security (no secrets to manage)
• Changed benchmark mode from instrumentation to simulation
• Updated CodSpeed action from pinned v4.1.1 to major version v4

Confidence Score: 5/5

• This PR is safe to merge - it's a dependency update with CI configuration changes that improve security.
• Score reflects that changes are limited to dependency version bumps and CI workflow improvements with no functional code changes. The pytest-codspeed update fixes a known bug, OIDC auth is more secure than token auth, and all changes are well-documented.
• No files require special attention - all changes are straightforward infrastructure updates.

Important Files Changed

File Analysis

Filename	Score	Overview
.github/workflows/test.yml	5/5	CI workflow updated to use OIDC auth instead of token, CodSpeed action pinned to v4 major version, and benchmark mode changed from instrumentation to simulation.
poetry.lock	5/5	Updated pytest-codspeed from 4.1.0 to 4.2.0 with new package hashes, includes Python 3.14 wheel support.
pyproject.toml	5/5	Bumped pytest-codspeed minimum version from 3.0.0 to 4.2.0 to fix symlink loop installation bug.

Sequence Diagram

sequenceDiagram
    participant GH as GitHub Actions
    participant OIDC as OIDC Provider
    participant CS as CodSpeed Service
    participant PT as pytest-codspeed

    GH->>OIDC: Request ID token (id-token: write)
    OIDC-->>GH: Return signed JWT
    GH->>CS: Authenticate via OIDC token
    CS-->>GH: Grant access
    GH->>PT: Run benchmarks (simulation mode)
    PT-->>GH: Benchmark results
    GH->>CS: Upload benchmark data
    CS-->>GH: Acknowledge receipt

Loading

[greptile-apps]

_{2 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}

[botberry]

Apollo Federation Subgraph Compatibility Results

Federation 1 Support	Federation 2 Support
_service 🟢 @key (single) 🟢 @key (multi) 🟢 @key (composite) 🟢 repeatable @key 🟢 @requires 🟢 @provides 🟢 federated tracing 🔲	@link 🟢 @shareable 🟢 @tag 🟢 @override 🟢 @inaccessible 🟢 @composeDirective 🟢 @interfaceObject 🟢

Learn more:

• Apollo Federation Subgraph Specification
• Compatibility Tests

[Copilot]

Pull request overview

This PR updates the benchmarking infrastructure to resolve a macOS installation bug in pytest-codspeed 4.1.0 by upgrading to version 4.2.0, and modernizes the CI workflow to use more secure OIDC authentication.

• Updates pytest-codspeed dependency from >=3.0.0 to >=4.2.0 to fix a symlink loop bug
• Migrates CodSpeed CI workflow from token-based authentication to OIDC
• Changes benchmark execution mode from instrumentation to simulation

Reviewed changes

Copilot reviewed 2 out of 4 changed files in this pull request and generated 1 comment.

File	Description
pyproject.toml	Bumps pytest-codspeed minimum version constraint from >=3.0.0 to >=4.2.0
poetry.lock	Updates pytest-codspeed from 4.1.0 to 4.2.0 with new file hashes and Python 3.14 support
.gitignore	Adds .codspeed/ directory to ignore CodSpeed-generated artifacts
.github/workflows/test.yml	Adds OIDC permissions, updates CodSpeed action to v4, removes token parameter, and switches to simulation mode

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.41%. Comparing base (71b7182) to head (255a19f).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #4063   +/-   ##
=======================================
  Coverage   94.41%   94.41%           
=======================================
  Files         536      536           
  Lines       35036    35036           
  Branches     1842     1842           
=======================================
  Hits        33079    33079           
  Misses       1659     1659           
  Partials      298      298           

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[codspeed-hq]

CodSpeed Performance Report

Merging #4063 will not alter performance

_{Comparing fix/pytest-codspeed-update (255a19f) with main (71b7182)}

Summary

✅ 28 untouched