Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support python uv as pip-compile compatible replacement #10039

Open
1 task done
avilaton opened this issue Jun 19, 2024 · 3 comments
Open
1 task done

Support python uv as pip-compile compatible replacement #10039

avilaton opened this issue Jun 19, 2024 · 3 comments
Labels
L: git:submodules Git submodules L: python L: rust:cargo Rust crates via cargo T: feature-request Requests for new features

Comments

@avilaton
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Feature description

We are trying to draft support for using https://github.com/astral-sh/uv as a replacement for pip-tools in dependabot.

The reason for this is that uv is much faster and many projects have already started switching to it. UV is a pip-tools compatible replacement written in rust.

If we are lucky, it should be as easy as changing pip-compile --stuff for uv pip compile --stuff and adding uv as one of the python helpers requirements.

@edgarrmondragon
Copy link

I think #10040 is ready for a review by the maintainers 🙂

@mistercrunch
Copy link

Linking my comment here astral-sh/uv#5487 (comment) around supporting multi-synchronized-outputs, which I think is super relevant to the uv/dependabot integration.

@EdmundGoodman
Copy link

EdmundGoodman commented Oct 24, 2024

In the related issue #10478, I have just but the following comment on a work-around for getting fairly similar functionality to Dependabot in the meantime before this issue is resolved:

This has also blocked us, so +1 for prioritising this.

As a stopgap in the meantime, I've hacked together a small GitHub Actions workflow which provides fairly similar functionality to unblock our project whilst we wait. A small demo is available here https://github.com/EdmundGoodman/update-bot if it is helpful to anyone else.

It slightly differs from dependabot in that it makes a PR on a cron schedule if any dependency can be updated rather than whenever a security vulnerability is found, but is good enough for us for now. It differs from other workflows I've seen in this thread, as it PRs rather than just directly committing to main which could break things.

This might require a tiny bit of modification to work with uv pip compile, but the general idea is the same so thought I'd also mention it here in case it can help anyone.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
L: git:submodules Git submodules L: python L: rust:cargo Rust crates via cargo T: feature-request Requests for new features
Projects
None yet
Development

No branches or pull requests

4 participants