Paillat-dev
Member

@Paillat-dev Paillat-dev commented Sep 3, 2025

Summary

Use frozen lockfile to reduce risk of supply chain attacks

Information

  • This PR fixes an issue.
  • This PR adds something new (e.g. new method or parameters).
  • This PR is a breaking change (e.g. methods or parameters removed/renamed).
  • This PR is not a code change (e.g. documentation, README, typehinting,
    examples, ...).

Checklist

  • I have searched the open pull requests for duplicates.
  • If code changes were made then they have been tested.
    • I have updated the documentation to reflect the changes.
  • If type: ignore comments were used, a comment is also left explaining why.
  • I have updated the changelog to include these changes.

@Paillat-dev Paillat-dev changed the title feat(CI): 👷 Create a reusable workflow for UV and make UV l… feat(CI): 👷 Create a reusable workflow for UV and make UV lockfile frozen Sep 3, 2025
@Paillat-dev Paillat-dev marked this pull request as draft September 3, 2025 21:09
@Paillat-dev Paillat-dev marked this pull request as ready for review September 3, 2025 21:26
@Paillat-dev Paillat-dev requested a review from a team as a code owner September 3, 2025 21:26
@Paillat-dev Paillat-dev added the don't-merge DO NOT MERGE label Sep 3, 2025
Paillat-dev and others added 5 commits September 3, 2025 23:48
Signed-off-by: Lala Sabathil <[email protected]>
Replaces local sync-uv.yml workflow references with remote workflow from pycord-development/pycord-next repository in all affected GitHub Actions YAML files. This ensures the latest shared workflow is used for setup steps.
Changed the reference for pycord-next/.github/workflows/sync-uv.yml from 'main' to 'master' in all relevant GitHub workflow files to ensure correct branch usage for setup steps.
Lulalaby and others added 7 commits September 3, 2025 23:58
Replaces the workflow-based sync-uv implementation with a reusable composite action in .github/actions/sync-uv/action.yml. Updates all workflows to use the new action for dependency synchronization, improving maintainability and modularity.
Updates environment variable assignment to explicitly check for 'true' string values in inputs.no_python_downloads and inputs.frozen, ensuring correct behavior when setting UV_NO_PYTHON_DOWNLOADS and UV_FROZEN.
Refactored the scripts for building group and extra arguments to use explicit if statements for non-empty values and added 'set -x' for debugging. Also added '|| exit 0' to the output commands to prevent failures if output writing fails.
@Paillat-dev Paillat-dev removed the don't-merge DO NOT MERGE label Sep 3, 2025
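
The commit messages above describe setting UV_FROZEN and UV_NO_PYTHON_DOWNLOADS only when an input equals the string 'true', and building group and extra arguments only from non-empty values. The following sketch of that logic is an added example, not the script in the project's action.yml; the function names, the comma-separated input format and the name validation are assumptions.

```shell
# Added example; function and input names are hypothetical, not the project's action.

# Print KEY=VALUE lines for uv. Action inputs arrive as strings, so only the
# exact string "true" enables a setting; "false", "" or "True" do not.
uv_env_lines() (
  frozen=$1
  no_python_downloads=$2
  if [ "$frozen" = "true" ]; then
    echo "UV_FROZEN=true"
  fi
  if [ "$no_python_downloads" = "true" ]; then
    echo "UV_NO_PYTHON_DOWNLOADS=true"
  fi
)

# Turn a comma-separated list into repeated "<flag> <name>" pairs.
# Empty items are skipped. A name that starts with "-" or contains characters
# outside [A-Za-z0-9._-] is rejected with exit status 2, so an input value
# cannot add an extra option to the uv command line.
uv_list_args() (
  set -f            # no glob expansion while splitting the list
  flag=$1
  list=$2
  out=""
  IFS=','
  for item in $list; do
    item=$(printf '%s' "$item" | tr -d '[:space:]')
    [ -n "$item" ] || continue
    case $item in
      -*|*[!A-Za-z0-9._-]*) echo "rejected name: $item" >&2; exit 2 ;;
    esac
    out="${out:+$out }$flag $item"
  done
  printf '%s\n' "$out"
)

# In a workflow step (assumed usage), with inputs passed through `env:`:
#   uv_env_lines "$FROZEN" "$NO_PYTHON_DOWNLOADS" >> "$GITHUB_ENV"
#   uv sync $(uv_list_args --group "$GROUPS_IN") $(uv_list_args --extra "$EXTRAS_IN")
```

With UV_FROZEN set, uv installs from the committed uv.lock without re-resolving it, so a newly published upstream release is not pulled into CI until the lockfile is updated in a reviewed change.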