(nickjanetakis.com)

264 points tosh | 1 comments | 24 Jun 25 09:46 UTC | HN request time: 0.24s | source

Show context

gchamonlive ◴[24 Jun 25 10:48 UTC] No.44364747[source]▶

  # Ensure we always have an up to date lock file.
  if ! test -f uv.lock || ! uv lock --check 2>/dev/null; then
    uv lock
  fi

Doesn't this defeat the purpose of having a lock file? If it doesn't exist or if it's invalid something catastrophic happened to the lock file and it should be handled by someone familiar with the project. Otherwise, why have a lock file at all? The CI will silently replace the lock file and cause potential confusion.

replies(5): >>44364785 #>>44364880 #>>44365348 #>>44368840 #>>44370311 #

freetonik ◴[24 Jun 25 10:57 UTC] No.44364785[source]▶

>>44364747 #

In the Python world, I often see lockfiles treated a one "weird step in the installation process", and not committed to version control.

replies(5): >>44364943 #>>44364950 #>>44365064 #>>44366872 #>>44375347 #

1. oceansky ◴[24 Jun 25 11:23 UTC] No.44364950[source]▶

>>44364785 #

It's what I used to do with package-lock.json when I had little production experience.

↑

Switching Pip to Uv in a Dockerized Flask / Django App