template-fastapi-react

chore: use UV as package manager

Open jorgenengelsen opened this issue 1 year ago • 1 comments

Why is this pull request needed?

This pull request is mainly for testing out UV as an alternative for poetry

What does this pull request change?

Replace poetry with UV

Makes the CI slightly faster, and setting up a new python environment much faster.

without uv and cache: Screenshot 2024-08-23 at 12 54 42

uv with cache: Screenshot 2024-08-23 at 12 52 05

Issues related to this change:

jorgenengelsen avatar Aug 23 '24 09:08 jorgenengelsen

> Let's try it! How is Snyk support? 😛

Heh! Good question. I have lost access to the Snyk team. UV follows the standard specification for dependencies in pyproject.toml (https://packaging.python.org/en/latest/specifications/pyproject-toml/), but Poetry has its own syntax. Knowing Snyk, I am betting they don't support it.

jorgenengelsen avatar Aug 26 '24 08:08 jorgenengelsen

@soofstad @mariuswinger I guess you two are best equipped to see if this is something we'd like to do.

sebastianvitterso avatar Jan 14 '25 07:01 sebastianvitterso

Main issue was with UV changing values in lock file on every release, which screwed with our CI/release flow (I think this was it). But a lot has happened with UV since this PR was created. Could have another look.

soofstad avatar Jan 14 '25 08:01 soofstad

> Main issue was with UV changing values in lock file on every release, which screwed with our CI/release flow (I think this was it). But a lot has happened with UV since this PR was created. Could have another look.

Correct, another issue is the lack of support for UV by dependabot. https://docs.astral.sh/uv/guides/integration/dependency-bots/#dependabot

jorgenengelsen avatar Jan 14 '25 14:01 jorgenengelsen

Too many conflicts, and since dependabot still hasn't caught up, we'll close this for now.

sebastianvitterso avatar Feb 24 '25 11:02 sebastianvitterso

Was looking into this for another project. The solution was to add `dynamic = ["version"]` in pyproject.toml. This indicates that version is not defined by pyproject.toml, but "by something else", in our case, a tag in git. It will also not be included in uv.lock.

This kind of makes sense. There is not really a good cause for having the version in the pyproject.toml file, unless you are publishing a Python package. And if you are, you will not need a lock file, as the package should be compatible with any dependency version meeting the pyproject.toml defined range.

soofstad avatar Apr 25 '25 11:04 soofstad