CircleCI failure after return to project - Poetry update

The Context

Four months ago, I was working on a Django project using CircleCI for automated CI/CD. We left the project in working order with pushes to the main branch triggering a full deployment.
Today, I came back to the project and pushed my first small ticket - the code hadn't changed but now deployments were broken!
Running the CI on the current deployed code also failed.

The Problem

The CI step, Install python dependencies, was failing:

    #!/bin/bash -eo pipefail
    poetry install
    Skipping virtualenv creation, as specified in config file.
    Installing dependencies from lock file
    Package operations: 96 installs, 10 updates, 0 removals
    Exited with code exit status 1
    CircleCI received exit code 1

(Not a very helpful error code!)
Trying to reproduce locally (running poetry install inside a local Docker container), I ran into no issues.
Because the code hadn’t changed, it must be that some third-party dependency had changed and become incompatible with our build step.
Our hypotheses:
  1. CircleCI had been updated in some way:
      • a quick google showed no recent results for poetry breaking in CircleCI.
  2. Some third-party code used within the build step had changed:
      • the only two dependencies installed before installing the application dependencies were:
        • gdal → linux dependency which succeeded (not likely a problem)
        • poetry (the dependency manager itself) → relates to the error
Checking the previous build steps, there was one for Install poetry:

    - run:
        name: Install poetry
        command: |
          pip install poetry
          poetry config virtualenvs.create false

This clearly doesn’t specify a specific version of poetry to install, so pip will install the latest version by default.
Checking the change log for Poetry, we can see that a new version, 1.3.0, was released since the last time the CI step succeeded. It makes sense that poetry install works fine locally if the version of Poetry I’m using in my local Docker image is older (as I’ve not updated my image recently).
Looking at the change log, it seems that New lock file format might be the relevant breaking change - our lockfile might be outdated, causing an exception in poetry install.

The Solution

We often think about how to align libraries using features like lock files (it’s really important); however, in this case we didn’t consider explicitly versioning the package manager itself - the consequence of this was to take away the consistency that lock files are supposed to guarantee.
I’m glad this threw an error now rather than failing silently and giving us inconsistent packages which may have led to some undetectable bugs later on.
In the short term, I updated the install command to the last working version (for us) of Poetry. This means CircleCI will always install that version.
Given more time, I would regenerate the lockfile, update the explicit version to latest, and confirm the builds were succeeding and working as expected (would need some validation from our client).

The Code

The new YAML looks like this:

    - run:
        name: Install poetry
        command: |
          pip install poetry==1.2.2
          poetry config virtualenvs.create false
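
To catch this class of drift before it breaks a build, a CI config can be scanned for pip install commands that lack an exact version pin. The following is an added example, not code from the original post: the function name find_unpinned_pip_installs, the option list, and the BEFORE/AFTER strings (the post's two Install poetry steps laid out as YAML) are assumptions made for illustration. It goes slightly beyond the post by also flagging range specifiers such as >=, since they allow the same silent upgrade.

```python
import re
import shlex

# pip options that take the next token as their value (a subset, assumed
# sufficient for typical CI install steps).
OPTS_WITH_VALUE = {"-r", "--requirement", "-c", "--constraint", "-e", "--editable",
                   "-i", "--index-url", "--extra-index-url", "-f", "--find-links"}
PIP_INSTALL = re.compile(r"\b(?:pip3?|python3? -m pip) install\b(.*)")


def find_unpinned_pip_installs(config_text):
    """Return (line_no, requirement) for every pip install argument lacking '=='."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        match = PIP_INSTALL.search(line)
        if not match:
            continue
        # Keep only this command's arguments: stop at shell separators.
        args = re.split(r"&&|\|\||[;|]", match.group(1))[0]
        try:
            tokens = shlex.split(args, comments=True)
        except ValueError:  # unbalanced quotes: fall back to whitespace split
            tokens = args.split()
        skip_next = False
        for token in tokens:
            if skip_next:
                skip_next = False          # value of the preceding option
            elif token in OPTS_WITH_VALUE:
                skip_next = True
            elif not token.startswith("-") and "==" not in token:
                findings.append((line_no, token))
    return findings


# Constructed sample input: the post's "Install poetry" step before the fix.
BEFORE = """\
- run:
    name: Install poetry
    command: |
      pip install poetry
      poetry config virtualenvs.create false
"""
# The same step after the fix, with the package manager pinned.
AFTER = BEFORE.replace("pip install poetry", "pip install poetry==1.2.2")

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, find_unpinned_pip_installs(text))
```

Run against the project's .circleci/config.yml as a pre-merge check, a non-empty result means some tool installed in the build step can change version without any change to the repository.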