Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support python uv as pip-compile compatible replacement #10039

Open
1 task done
avilaton opened this issue Jun 19, 2024 · 3 comments
Open
1 task done

Support python uv as pip-compile compatible replacement #10039

avilaton opened this issue Jun 19, 2024 · 3 comments
Labels
L: git:submodules Git submodules L: python L: rust:cargo Rust crates via cargo T: feature-request Requests for new features

Comments

@avilaton
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Feature description

We are trying to draft support for using https://github.com/astral-sh/uv as a replacement for pip-tools in dependabot.

The reason for this is that uv is much faster and many projects have already started switching to it. UV is a pip-tools compatible replacement written in rust.

If we are lucky, it should be as easy as changing pip-compile --stuff for uv pip compile --stuff and adding uv as one of the python helpers requirements.
@avilaton avilaton added the T: feature-request Requests for new features label Jun 19, 2024
@github-actions github-actions bot added L: git:submodules Git submodules L: python L: rust:cargo Rust crates via cargo labels Jun 19, 2024
@avilaton avilaton mentioned this issue Jun 19, 2024
Open
5 tasks
@edgarrmondragon edgarrmondragon mentioned this issue Jul 6, 2024
Merged
5 tasks
@edgarrmondragon
Copy link

I think #10040 is ready for a review by the maintainers 🙂

@edgarrmondragon edgarrmondragon mentioned this issue Aug 22, 2024
Open
1 task
@legoktm legoktm mentioned this issue Sep 23, 2024
Open
@StevenMaude StevenMaude mentioned this issue Oct 3, 2024
Open
@mistercrunch mistercrunch mentioned this issue Oct 11, 2024
Open
@mistercrunch
Copy link

Linking my comment here astral-sh/uv#5487 (comment) around supporting multi-synchronized-outputs, which I think is super relevant to the uv/dependabot integration.

@EdmundGoodman EdmundGoodman mentioned this issue Oct 13, 2024
Open
19 tasks
@EdmundGoodman
Copy link

EdmundGoodman commented Oct 24, 2024
edited
Loading

In the related issue #10478, I have just but the following comment on a work-around for getting fairly similar functionality to Dependabot in the meantime before this issue is resolved:

This has also blocked us, so +1 for prioritising this.

As a stopgap in the meantime, I've hacked together a small GitHub Actions workflow which provides fairly similar functionality to unblock our project whilst we wait. A small demo is available here https://github.com/EdmundGoodman/update-bot if it is helpful to anyone else.

It slightly differs from dependabot in that it makes a PR on a cron schedule if any dependency can be updated rather than whenever a security vulnerability is found, but is good enough for us for now. It differs from other workflows I've seen in this thread, as it PRs rather than just directly committing to main which could break things.

This might require a tiny bit of modification to work with uv pip compile, but the general idea is the same so thought I'd also mention it here in case it can help anyone.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
L: git:submodules Git submodules L: python L: rust:cargo Rust crates via cargo T: feature-request Requests for new features
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mistercrunch @avilaton @edgarrmondragon @EdmundGoodman