CI: Prefer using uv. Publish package to TestPyPI.

[amotl]

Just maintenance.

[coderabbitai]

📝 Walkthrough

Walkthrough

Updated CI and Dependabot: Dependabot GitHub Actions update schedule moved to weekly; workflows replaced setup-python with astral-sh/setup-uv (activate-environment, matrix python-version), added uvx twine check in release flow, updated Codecov to v5, and added a versioningit format in pyproject.toml.

Changes

Cohort / File(s)	Summary
Dependabot Configuration .github/dependabot.yml	Changed GitHub Actions dependency update schedule from monthly to weekly.
Release Workflow .github/workflows/release-pypi.yml	Replaced Python setup with astral-sh/setup-uv (activate-environment, matrix-driven python-version); renamed step to "Install uv"; removed cache-dependency-glob; added uvx twine check dist/*; simplified TestPyPI publish to use uv publish.
Tests Workflow .github/workflows/tests.yml	Removed UV_SYSTEM_PYTHON env; replaced actions/setup-python with astral-sh/setup-uv (activate-environment, python-version from matrix); removed cache-dependency-glob; added uv pip install pip in setup; bumped codecov-action from v4 to v5.
Project config pyproject.toml	Added [tool.versioningit.format] block with distance = "{base_version}.post{distance}" to customize post-release version formatting.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

• Use uv across the board meltano-tap-cratedb#14 — Both PRs migrate CI to use uv (astral-sh/setup-uv) replacing actions/setup-python, so this change addresses that CI migration objective.

Poem

🐇 I hopped through YAML, tidy and quick,
Switched monthly to weekly with a flick,
Installed uv, gave twine a peep,
Codecov climbed while I munched a carrot heap,
A happy rabbit cheers the CI trick.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The description 'Just maintenance' is vague and generic, using a non-descriptive term that does not convey meaningful information about the specific changes being made.	Expand the description to include specific details about the CI changes, such as migrating from standard Python setup to uv tool, updating workflows, and adjusting versioning configuration.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Title check	✅ Passed	The title accurately summarizes the main changes: transitioning CI workflows to use uv as the package manager and adding TestPyPI publishing capability.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch modernize

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/release-pypi.yml:
- Line 63: The "Publish package to TestPyPI" job/step contains a constant
disabled condition `if: false` which triggers actionlint [if-cond]; remove the
entire "Publish package to TestPyPI" step block (the step titled "Publish
package to TestPyPI") or replace the `if: false` with a real runtime condition
such as checking a workflow input (e.g., a `workflow_dispatch` boolean input) or
an environment/branch check so the step uses a valid conditional instead of a
constant false.

---

ℹ️ Review info

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f35255f and c46699b.

📒 Files selected for processing (3)

• .github/dependabot.yml
• .github/workflows/release-pypi.yml
• .github/workflows/tests.yml

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pyproject.toml`:
- Around line 240-242: The versioningit config only sets distance and relies on
defaults for dirty and distance-dirty (which include local '+' segments);
explicitly add entries under [tool.versioningit.format] for dirty and
distance-dirty to use PEP 440-compatible post-release segments (no '+' local
version), e.g. set dirty to a post-style format like "{base_version}.post0" and
distance-dirty to a post-style format using the distance like
"{base_version}.post{distance}" so all three keys (distance, dirty,
distance-dirty) are defined without local-version suffixes.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: a866f469-bb99-4373-b637-c0348ed17085

📥 Commits

Reviewing files that changed from the base of the PR and between 1bda39a and bf92f31.

📒 Files selected for processing (2)

• .github/workflows/release-pypi.yml
• pyproject.toml

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/release-pypi.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

versioningit format defaults dirty distance-dirty documentation

💡 Result:

In versioningit, the format step uses different templates depending on the repository “state”:

• distance: there are commits since the most recent tag
• dirty: no commits since the most recent tag, but there are uncommitted changes
• distance-dirty: there are commits since the most recent tag and there are uncommitted changes [1]

Default format templates

The documented default configuration is: [1]

[tool.versioningit.format]
distance = "{base_version}.post{distance}+{vcs}{rev}"
dirty = "{base_version}+d{build_date:%Y%m%d}"
distance-dirty = "{base_version}.post{distance}+{vcs}{rev}.d{build_date:%Y%m%d}"

Notes:

• {base_version} is the version taken from the most recent tag. (Older docs/examples may show {version}; it was renamed to {base_version} in v2.0.0, with {version} kept as a deprecated alias.) [1]
• {distance} = number of commits since the most recent tag; {rev} = abbreviated commit hash; {vcs} = first letter of VCS name (e.g., g for git); {build_date} is the build time (or SOURCE_DATE_EPOCH if set). [1]

Sources:
[1] versioningit “Configuration” docs (stable): default [tool.versioningit.format] values, state meanings, and available fields. (versioningit.readthedocs.io)

Citations:

• 1: https://versioningit.readthedocs.io/en/stable/configuration.html?utm_source=openai

---

🌐 Web query:

PyPI accepts local version segment PEP 440

💡 Result:

PEP 440 allows local version identifiers (the +local segment), e.g. 1.2.3+acme.1, mainly for downstream/private rebuilds. However, PyPI does not accept uploads that use a local version identifier: PEP 440 explicitly states that because PyPI is intended for upstream releases, it “MUST NOT allow the use of local version identifiers.” [1]

So, if you try to upload a distribution with a +... local segment in Version, PyPI/TestPyPI should reject it; use a public PEP 440 version (e.g. .postN, .devN, or pre-releases) for public publishing, and reserve +local for private indexes/internal builds. [1]

Sources:
[1] PEP 440 – “Local version identifiers” section (PyPI MUST NOT allow local versions): https://peps.python.org/pep-0440/

---

Configure dirty and distance-dirty explicitly to avoid PyPI-incompatible local version suffixes.

The current configuration specifies only distance, but versioningit defaults for unspecified states (dirty and distance-dirty) both include local version segments (+...). PyPI explicitly rejects any upload with a local version identifier per PEP 440. Since the PR goal is PyPI-compatible dirty versions, you must explicitly configure all three states without local segments.

Suggested config update

 [tool.versioningit.format]
 distance = "{base_version}.post{distance}"
+dirty = "{base_version}"
+distance-dirty = "{base_version}.post{distance}"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	[tool.versioningit.format]
	distance = "{base_version}.post{distance}"
	[tool.versioningit.format]
	distance = "{base_version}.post{distance}"
	dirty = "{base_version}"
	distance-dirty = "{base_version}.post{distance}"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pyproject.toml` around lines 240 - 242, The versioningit config only sets
distance and relies on defaults for dirty and distance-dirty (which include
local '+' segments); explicitly add entries under [tool.versioningit.format] for
dirty and distance-dirty to use PEP 440-compatible post-release segments (no '+'
local version), e.g. set dirty to a post-style format like
"{base_version}.post0" and distance-dirty to a post-style format using the
distance like "{base_version}.post{distance}" so all three keys (distance,
dirty, distance-dirty) are defined without local-version suffixes.