Skip to content

[MISC] Switch to uv #613

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

[MISC] Switch to uv #613

wants to merge 9 commits into from

Conversation

@sinclert-canonical
Copy link
Contributor

@sinclert-canonical sinclert-canonical commented May 9, 2025
edited
Loading

This PR changes the tool used for dependency management from poetry to uv, following this PG-Bouncer example. Some of the main changes are:

  • Migrated from poetry-specific pyproject.toml syntax to standard Python project one.
  • Migrated from poetry-specific carrot specifier (^) to standard compatible release specifier (~=).
  • Renamed dependency groups main to charm and charm-libs to just libs (revertible upon request).

Differences from PG-Bouncer PR:

  • The uv binary is installed via pip, instead of via snap (both @paulomach and myself prefer that way).
  • The tox_uv.toml file to cherry pick when dependencies are installed from pre-built packages has been ignored. Instead, all tox environments use pre-built packages, only installing from source when the charm gets packed.

Additional changes

  • Bumped ruff target python version to 3.10 + updated Python files format.

@sinclert-canonical sinclert-canonical added the enhancement New feature, UI change, or workload upgrade label May 9, 2025
@sinclert-canonical sinclert-canonical marked this pull request as ready for review May 9, 2025 12:32
carlcsaposs-canonical
carlcsaposs-canonical requested changes May 9, 2025
View reviewed changes
Copy link
Contributor

@carlcsaposs-canonical carlcsaposs-canonical left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will cause Dependabot vulnerability alerts to stop working, which Renovate uses to segment security updates from normal PRs (and to open security update PRs immediately, instead of waiting for the weekly schedule)

@dragomirp
Copy link
Contributor

dragomirp commented May 9, 2025

This will cause Dependabot vulnerability alerts to stop working, which Renovate uses to segment security updates from normal PRs (and to open security update PRs immediately, instead of waiting for the weekly schedule)

There's a experimental feature in renovate osvvulnerabilityalerts that seems to work with uv. But IMHO, without a pressing need to switch (focal support), it might be best to discuss further at the sprint.

@carlcsaposs-canonical
Copy link
Contributor

carlcsaposs-canonical commented May 9, 2025

There's a experimental feature in renovate osvvulnerabilityalerts that seems to work with uv. But IMHO, without a pressing need to switch (focal support), it might be best to discuss further at the sprint.

good to know

the docs for that feature mention

You will only get OSV-based vulnerability alerts for direct dependencies.

which might be an issue—I'm not sure what renovate considers a direct dependency in this context. Would guess it would not include lockfile deps, but not sure

@sinclert-canonical
Copy link
Contributor Author

sinclert-canonical commented May 9, 2025

There's a experimental feature in renovate osvvulnerabilityalerts that seems to dragomirp/pgbouncer-operator#10 with uv.

Will take a look. Thanks Drago!

IMHO, without a pressing need to switch (focal support), it might be best to discuss further at the sprint.

I somewhat agree.

I recognize the value of simplifying the charmcraft.yaml file (which IMHO is confusing and bloated at the moment), but I think migrating the dependency management tooling is one of those changes where either we are convince enough to migrate all our projects, or we do not migrate any at all. Leaving some of them with poetry and some of them with uv will only make things worse long term.

As you said: let's discuss during the Sprint. Paulo told me John wants to foster the usage of uv.

@sinclert-canonical
Copy link
Contributor Author

sinclert-canonical commented May 12, 2025

Depends on canonical/data-platform#38.

@astrojuanlu astrojuanlu mentioned this pull request Nov 11, 2025
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@carlcsaposs-canonical carlcsaposs-canonical carlcsaposs-canonical requested changes

@paulomach paulomach Awaiting requested review from paulomach

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

enhancement New feature, UI change, or workload upgrade Libraries: Out of sync

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sinclert-canonical @dragomirp @carlcsaposs-canonical