←back to thread

Switching Pip to Uv in a Dockerized Flask / Django App

(nickjanetakis.com)
265 points tosh | 1 comments | 24 Jun 25 09:46 UTC | HN request time: 0.204s | source
Show context
gchamonlive ◴[24 Jun 25 10:48 UTC] No.44364747[source]

  # Ensure we always have an up to date lock file.
  if ! test -f uv.lock || ! uv lock --check 2>/dev/null; then
    uv lock
  fi
Doesn't this defeat the purpose of having a lock file? If it doesn't exist or if it's invalid something catastrophic happened to the lock file and it should be handled by someone familiar with the project. Otherwise, why have a lock file at all? The CI will silently replace the lock file and cause potential confusion.
replies(5): >>44364785 #>>44364880 #>>44365348 #>>44368840 #>>44370311 #
freetonik ◴[24 Jun 25 10:57 UTC] No.44364785[source]
In the Python world, I often see lockfiles treated a one "weird step in the installation process", and not committed to version control.
replies(5): >>44364943 #>>44364950 #>>44365064 #>>44366872 #>>44375347 #
bckr ◴[24 Jun 25 14:48 UTC] No.44366872[source]
This is kinda how I treat it. I figured that I have already set the requirements in the pyproject.toml file.

Should I be committing the lock file?

replies(1): >>44368827 #
1. gcarvalho ◴[24 Jun 25 17:48 UTC] No.44368827[source]
If your pyproject.toml does not list all your dependencies (including dependencies of your dependencies) and a fixed version for each, you may get different versions of the dependencies in future installs.

A lock file ensures all installations resolve the same versions, and the environment doesn’t differ simply because installations were made on different dates. Which is usually what you want for an application running in production.