
265 points tosh | 1 comments
gchamonlive No.44364747

  # Ensure we always have an up to date lock file.
  if ! test -f uv.lock || ! uv lock --check 2>/dev/null; then
    uv lock
  fi
Doesn't this defeat the purpose of having a lock file? If it doesn't exist or if it's invalid, something catastrophic happened to the lock file and it should be handled by someone familiar with the project. Otherwise, why have a lock file at all? The CI will silently replace the lock file and cause potential confusion.
9dev No.44364880
What are the possible remediation steps, however? If there is no lock file at all, this is likely the first run, or it will be overwritten from a git upstream later on anyway; if it's broken, chances are high someone messed up a package installation and creating a fresh lock file seems like the only sensible thing to do.

I also feel like this handles rare edge cases, but it seems like a pretty straightforward way to do so.

1. globular-toast No.44364906
The fix is to generate the lockfile and commit it to the repository. Every build should be based on the untouched lockfile from the repo. It's the entire point of it.
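
A fail-closed counterpart to the snippet quoted at the top of the thread, added here as an example; it is not from the article or from any commenter. `verify_lockfile` and its exit codes are hypothetical names and values chosen for illustration; `uv.lock` and `uv lock --check` are taken from the quoted snippet.

```shell
#!/bin/sh
# Added example: a CI gate that refuses to build unless the committed
# uv.lock is present, unmodified, and consistent with pyproject.toml.
# It never regenerates the lock file; every failure stops the build.

verify_lockfile() {
  project_dir=${1:-.}
  lock="$project_dir/uv.lock"

  # 1. A missing lock file is an error, not a cue to create one.
  if [ ! -f "$lock" ]; then
    echo "error: uv.lock missing; run 'uv lock' locally and commit it" >&2
    return 2
  fi

  # 2. The lock file must be tracked in the repository...
  if ! git -C "$project_dir" ls-files --error-unmatch uv.lock >/dev/null 2>&1; then
    echo "error: uv.lock exists but is not tracked in git" >&2
    return 3
  fi

  # ...and must be byte-identical to the committed version, so an
  # earlier pipeline step cannot have rewritten it unnoticed.
  if ! git -C "$project_dir" diff --quiet HEAD -- uv.lock; then
    echo "error: uv.lock differs from the committed version" >&2
    return 4
  fi

  # 3. The lock must still satisfy pyproject.toml. Report drift, do not fix it.
  if ! (cd "$project_dir" && uv lock --check >/dev/null 2>&1); then
    echo "error: uv.lock is out of date; re-lock locally and review the diff" >&2
    return 5
  fi

  return 0
}

# Typical CI use (not executed here):
#   verify_lockfile . && uv sync --locked
```

Each failure mode has its own exit code so the CI log shows whether the lock file was absent, untracked, modified during the run, or stale.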