switch to using uv#66
Conversation
|
see https://github.com/keewis/reportlog-test/actions/runs/27984701030/job/82823258100 for a test run. I didn't have time yet to check if the lock file is actually being used (if it's not in use it might be worth replacing |
|
should be ready now, and I can confirm that the lock file is in use (or at least, that the exact versions we have in the lock file are being installed). |
Zeitsperre
left a comment
Zeitsperre
left a comment
There was a problem hiding this comment.
I can't sign off here, but it looks good as far as I can tell!
There was a problem hiding this comment.
This looks great! You can probably also configure Dependabot to manage updates in this file as well: https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference#package-ecosystem-
There was a problem hiding this comment.
done. I'm not sure what the tradeoffs are here, so this could also use a review (only if you're up for it, of course)
2 participants
We're currently pulling in unpinned versions of the dependencies (
pytestandmore-itertools, which each depend on other projects).As requested in #62, this changes the action to use a lock file (
uv.lockcurrently, could becomepylock.tomlin the future).(I'll setup CI that checks the action in a bit)Edit: actually, that doesn't really work because it would have to mutate this repo, which we don't want. I have reportlog-test that I can use to trigger the action, though.cc @Zeitsperre