uv-lock-report icon indicating copy to clipboard operation
uv-lock-report copied to clipboard

Published 2 months ago verified publisher icon mw-root

Metadata

A GitHub Action to report changes to uv.lock.

uv Lock Report

codecov

Description

Digests complex uv.lock diffs in Pull Requests and provides a simple summary of dependency changes as a PR comment.

Pull Requests with lockfile changes can be difficult to evaluate at a quick glance and diffs are usually hidden by default.

This GitHub Action transforms complex uv.lock diffs into a clean, easy-to-read report. It analyzes the changes between your base and head lockfiles, then posts a formatted comment showing exactly which packages were added, updated, or removed—including version changes and their severity (major, minor, or patch).

No more parsing through hundreds of lines of TOML diffs to understand what changed.

Example GitHub Actions Usage

name: uv Lockfile Report

on:
  pull_request:

permissions:
  contents: read
  pull-requests: write

jobs:
  report:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
        with:
          fetch-depth: 0

      - name: Report
        uses: mw-root/[email protected]
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

Inputs

INPUT TYPE REQUIRED DEFAULT DESCRIPTION
github-token string true GitHub Token
output-format string false "simple" The output format of the report.
One of: simple, table
show-learn-more-link string false "true" Whether to show a "Learn More"
link in the report comment.

Output Format Examples

The formatting can be chosen with the output-format input.

Simple Format ( Default )

Example Comment

Table Format

Example Comment

CLI Usage

You can also use uv-lock-report as a standalone CLI tool for local development or in custom CI/CD pipelines.

Installation

Install the package using uv:

uv build
pip install ./dist/uv_lock_report-0.1.0-py3-none-any.whl

Usage

uv-lock-report --base-sha <git-sha> --base-path <path-to-base-lockfile> --output-path <output-file>

Arguments

  • --base-sha: Git SHA of the base commit to compare against
  • --base-path: Path to the base lockfile (usually uv.lock)
  • --output-path: Path where the JSON report will be written
  • --output-format: Output format (table or simple, default: table)
  • --show-learn-more-link: Whether to show "Learn More" link (true or false, default: true)

Example

# Compare current uv.lock with the one from main branch
uv-lock-report \
  --base-sha main \
  --base-path uv.lock \
  --output-path report.json \
  --output-format table

Testing the installation

You can test that the CLI is properly installed:

# Test with a built wheel
uv run --with ./dist/uv_lock_report-0.1.0-py3-none-any.whl uv-lock-report --help

# Or run the included test script
uv run python test_cli_install.py

Metadata

32
Stars
2
Forks
32
Watchers

Owner

verified publisher icon mw-root

Metadata

A GitHub Action to report changes to uv.lock.

Back