Skip to content

chore: run prek from a locked uv dev group#26463

Open
shaanmajid wants to merge 4 commits into
astral-sh:mainfrom
shaanmajid:chore/uv-prek-tooling
Open

chore: run prek from a locked uv dev group#26463
shaanmajid wants to merge 4 commits into
astral-sh:mainfrom
shaanmajid:chore/uv-prek-tooling

Conversation

@shaanmajid

@shaanmajid shaanmajid commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Summary

Add a locked uv workflow for running prek in CI and local development.

This pins prek via a new dev PEP 735 dependency group, introduces a committed uv.lock file, and updates CI to run prek through uv run --only-group dev --locked. It also adds a frozen uv-lock pre-commit hook to ensure future changes keep the lockfile in sync. Lastly, I noticed that some pre-commit priority blocks did not match the comment sections, so this does some opportunistic cleanup to move these around.

Atop #26461. Closes #26386.

Test Plan

uv run --only-dev prek --all-files

@shaanmajid shaanmajid changed the title Chore/uv prek tooling chore: run prek from a locked uv dev group Jun 29, 2026
@astral-sh-bot

astral-sh-bot Bot commented Jun 29, 2026

Copy link
Copy Markdown

ruff-ecosystem results

Linter (stable)

✅ ecosystem check detected no linter changes.

Linter (preview)

✅ ecosystem check detected no linter changes.

Formatter (stable)

✅ ecosystem check detected no format changes.

Formatter (preview)

✅ ecosystem check detected no format changes.

@sharkdp sharkdp force-pushed the chore/uv-prek-tooling branch from 0ba209f to 20aae09 Compare June 30, 2026 07:46

@sharkdp sharkdp left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you very much for working on this. I have a few questions.

Comment thread .pre-commit-config.yaml Outdated
Comment on lines +85 to +86
# To run all hooks *including* this hook, use `uvx prek run -a --hook-stage=manual`.
# To run *just* this hook, use `uvx prek run -a actionlint --hook-stage=manual`.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should the description here be updated (still uses uvx prek)? Maybe also search the repo for other uses of uvx prek?

@shaanmajid shaanmajid Jun 30, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah yeah, I noted this during development but forgot to follow-up. Updated in a few files.

(FWIW, the main motivation of this change was to use a pinned prek version in CI; using a consistent version during local development was mostly an ancillary benefit. But I agree it's worth updating here :))

Comment thread uv.lock

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm wondering if introducing this global uv.lock file could break some of our existing scripts?

And if we need to update our release workflow to update this file?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, great catch. I inspected the uv and ty repos (which both similar global uv.lock files) to see if there's anything we should mirror here. The only major concern I found was the one you noted: the release process needs to re-generate the lockfile. Made the corresponding update to scripts/release.sh.

@shaanmajid shaanmajid Jun 30, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now that there is a global uv.lock, this could also provide the opportunity to fully resolve rooster and all transitive dependencies via the lockfile as well (instead of the current top-level @0.1.1 constraint). A similar change was made to uv recently in astral-sh/uv#19923. Let me know if you'd like me to make a follow-up PR for this :)

Comment thread pyproject.toml Outdated

[dependency-groups]
dev = [
"prek==0.4.5; python_version >= '3.8'",

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will this be updated by renovate?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I tested by manually downgrading the requirement to prek==0.4.4 and running Renovate locally; the existing pep621 Renovate manager handles this, updating both the requirement in pyproject.toml and the uv.lock file.

(This was not your question, but I also changed how the Python constraint is expressed here -- although it doesn't affect Renovate behavior either way. The initial python_version marker was chosen to match prek's own requires-python, because lockfile generation fails if uv has to resolve the dev group for Ruff's full project Python range. After comparing with uv's dependency-group style, I moved that to a group-level requires-python constraint instead, and bumped to >=3.12 to keep it more recent.)

@shaanmajid shaanmajid force-pushed the chore/uv-prek-tooling branch from 20aae09 to 610662e Compare June 30, 2026 18:40
@shaanmajid shaanmajid requested a review from a team as a code owner June 30, 2026 18:40
@shaanmajid shaanmajid force-pushed the chore/uv-prek-tooling branch 2 times, most recently from b456d93 to 701e2b4 Compare June 30, 2026 19:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Consider hardening prek supply-chain

2 participants