fix(ci): upgrade poetry 1.4.2 -> 2.3.2 and relock aw-core

[ErikBjare]

Problem

All the committed poetry.lock files are already in Poetry 2.x format (lock-version 2.0/2.1, generated by Poetry 2.0–2.3), but CI installs poetry==1.4.2, which can't read them. Every job logs, repeatedly:

The lock file might not be compatible with the current version of Poetry.
Upgrade Poetry to ensure the lock file is read properly or, alternatively,
regenerate the lock file with the `poetry lock` command.

A separate, real warning appeared only for aw-core:

Warning: poetry.lock is not consistent with pyproject.toml.
You may be getting improper dependencies.

I checked every submodule lock with Poetry 2.3.2 (poetry check --lock) — aw-core was the only one genuinely inconsistent; the rest were just being misread by the ancient CI poetry.

Fix

1. Pin poetry==2.3.2 (lines 339 & 535) — the toolchain the locks were generated with — so they're read correctly. The locks being newer than CI's poetry means 2.x is the correct tool here, not a risky upgrade.
2. Bump the aw-core submodule to pull in its relock (fix: regenerate poetry.lock to match pyproject.toml aw-core#140). That diff is only the content-hash + generator version + one normalized constraint — no dependency versions change.

Validation

This triggers the full build matrix (Qt + Tauri × macOS/Linux/Windows). Watching it to confirm poetry install/make build behave under poetry 2.x before merge.

Part of the CI-reliability cleanup alongside #1326 (aw-watcher-window flake) and #1327 (MACOSX_DEPLOYMENT_TARGET).

[greptile-apps]

Greptile Summary

This PR aligns the CI toolchain with the lock file format already in use. The committed poetry.lock files across submodules are already in Poetry 2.x format (lock-version 2.0/2.1), but CI was still installing poetry==1.4.2, causing repeated compatibility warnings and one real inconsistency in aw-core.

• release.yml: Both "Install dependencies" steps update the pinned Poetry version from 1.4.2 to 2.3.2, matching the tool that generated the existing lock files.
• aw-core submodule: Bumped to a4d2064 to pull in a relock that resolves the one genuine poetry check --lock failure (only the content-hash, generator version, and one normalized constraint differ — no dependency version changes).

Confidence Score: 5/5

Safe to merge — both changed files are minimal, targeted, and consistent with each other.

The only code that changes is a two-character version string in two symmetrical workflow steps, plus a submodule pointer advancement whose diff the author has verified with poetry check --lock. Every existing lock file was already written by Poetry 2.x, so this upgrade restores consistency rather than introducing a new dependency. No functional code is touched.

No files require special attention.

Important Files Changed

Filename	Overview
.github/workflows/release.yml	Two identical hunks each replace poetry==1.4.2 with poetry==2.3.2 in the Install dependencies step; no other logic changes. Both the Qt and Tauri job paths are updated consistently.
aw-core	Submodule pointer advanced from f320889 to a4d2064 to pull in aw-core's relock (PR ActivityWatch/aw-core#140); only metadata fields changed, no dependency versions affected.

Sequence Diagram

%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
    participant CI as GitHub Actions Runner
    participant pip as pip3
    participant poetry as Poetry 2.3.2
    participant venv as Python venv
    participant make as Makefile

    CI->>pip: "pip3 install poetry==2.3.2"
    pip-->>CI: poetry binary available globally
    CI->>venv: python3 -m venv venv
    CI->>venv: source venv/bin/activate
    CI->>poetry: poetry install (reads lock v2.x)
    poetry-->>venv: dependencies installed
    CI->>make: make build / make package
    make-->>CI: artifacts produced

Loading

%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
    participant CI as GitHub Actions Runner
    participant pip as pip3
    participant poetry as Poetry 2.3.2
    participant venv as Python venv
    participant make as Makefile

    CI->>pip: "pip3 install poetry==2.3.2"
    pip-->>CI: poetry binary available globally
    CI->>venv: python3 -m venv venv
    CI->>venv: source venv/bin/activate
    CI->>poetry: poetry install (reads lock v2.x)
    poetry-->>venv: dependencies installed
    CI->>make: make build / make package
    make-->>CI: artifacts produced

Loading

_{Reviews (1): Last reviewed commit: "fix(ci): upgrade poetry 1.4.2 -> 2.3.2 a..." | Re-trigger Greptile}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8082918fd9

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Pin a Poetry release compatible with Python 3.9

In both build matrices this step runs after actions/setup-python selects matrix.python_version, which is currently [3.9], so pip3 is the Python 3.9 pip. Poetry 2.3.2 declares Requires-Python: >=3.10,<4.0, so this install fails before any build/test/package step runs in the Qt and Tauri jobs; install Poetry with a 3.10+ interpreter or pin a Poetry 2.x release that still supports Python 3.9.

Useful? React with 👍 / 👎.

[ErikBjare]

Good catch — fixed in 2815a4b by pinning poetry==2.2.1 (latest release supporting Python 3.9; 2.3.x requires >=3.10). It still reads the committed lock-version 2.1 files cleanly.