Skip to content
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 13 additions & 0 deletions .github/workflows/deps-locked.yml
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,19 @@ jobs:

- name: Verify lockfile is in sync with pyproject.toml
run: |
# Seed the temp output file from the committed lock so that uv pip
# compile treats existing pins as the resolution baseline (uv's
# documented behaviour: "if the file already exists, the existing
# versions will be preferred … unless --upgrade is specified").
# This means a satisfying already-pinned version (e.g. pytest==9.0.3
# satisfying >=9.0.3) is KEPT even when a newer release (9.1.0) is
# available upstream — preventing false-positive failures on every
# new upstream release that has nothing to do with this repo.
#
# The diff still detects the real failure mode: pyproject adds or
# changes a dependency without the lock being regenerated, which
# causes the recompiled output to diverge from the committed lock.
cp requirements-dev.lock /tmp/requirements-dev.regenerated.lock
uv pip compile --universal --generate-hashes --python-version 3.11 \
--extra dev pyproject.toml -o /tmp/requirements-dev.regenerated.lock
# Compare only the dependency body. The autogenerated header comment
Expand Down
Loading