(nickjanetakis.com)

264 points tosh | 1 comments | 24 Jun 25 09:46 UTC | HN request time: 0.241s | source

Show context

gchamonlive ◴[24 Jun 25 10:48 UTC] No.44364747[source]▶

  # Ensure we always have an up to date lock file.
  if ! test -f uv.lock || ! uv lock --check 2>/dev/null; then
    uv lock
  fi

Doesn't this defeat the purpose of having a lock file? If it doesn't exist or if it's invalid something catastrophic happened to the lock file and it should be handled by someone familiar with the project. Otherwise, why have a lock file at all? The CI will silently replace the lock file and cause potential confusion.

replies(5): >>44364785 #>>44364880 #>>44365348 #>>44368840 #>>44370311 #

1. silvester23 ◴[24 Jun 25 12:18 UTC] No.44365348[source]▶

>>44364747 #

This is actually covered by the --locked option that uv sync provides.

If you do `uv sync --locked` it will not succeed if the lock file does not exist or is out of date.

Edit: I slightly misread your comment. I strongly agree that having no lock file or a lockfile that does not match your specified dependencies is a case where a human should intervene. That's why I suggest you should always use the --locked option in your build.

↑

Switching Pip to Uv in a Dockerized Flask / Django App