Is your feature request related to a problem?
The current implementation of uv sync and uv run without the --frozen flag causes non-deterministic builds and migration failures. This leads to inconsistent package versions and potential deploy issues across different environments.
Describe the solution you'd like
- Add --frozen to the uv sync command in the Dockerfile.
- Add --frozen to the uv run command for alembic upgrades in the staging CD pipeline.
- Ensure that both commands use the locked versions specified in uv.lock to maintain consistent environments and reduce deploy failures.
Original issue
Description:
uv sync and uv run were being called without --frozen in both the Dockerfile and the staging CD pipeline. This caused uv to re-resolve dependencies at build/deploy time instead of using the pinned lockfile, leading to two problems:
- Dockerfile (uv sync): During docker compose build, uv would re-resolve transitive dependencies rather than installing from the lockfile exactly. This could pull in different package versions than what was tested, making builds non-reproducible across environments.
- CD pipeline (uv run alembic upgrade head): On the EC2 instance, uv run was triggering a fresh dependency resolution before running migrations. This could fail due to PyPI network restrictions inside the container, or resolve different versions than what was baked into the image — breaking the migration step mid-deploy.
Fix: Added --frozen to both commands:
- uv sync --frozen in backend/Dockerfile
- uv run --frozen alembic upgrade head in .github/workflows/cd-staging.yml
This enforces that both the image build and the migration run use exactly what's in uv.lock, matching the tested environment and eliminating resolution-time failures.
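A CI guard for the fix described above, as an added example that is not part of the original issue or the project's code: it scans Dockerfile or workflow text for uv sync / uv run calls that lack --frozen, including the case where the flag sits after the program name and is therefore passed to alembic instead of uv. The function names and sample file contents are constructed, and the check assumes value-taking uv options are written as --opt=value.

```python
import re

# A `uv sync` / `uv run` call and its arguments up to the next shell operator.
UV_CALL = re.compile(r"\buv\s+(sync|run)\b([^&|;]*)")

def logical_lines(text):
    """Yield (first_line_no, text), folding backslash continuations."""
    start, buf = None, ""
    for no, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        stripped = raw.rstrip()
        if stripped.endswith("\\"):
            buf += stripped[:-1] + " "
            continue
        yield start, buf + stripped
        start, buf = None, ""
    if buf:
        yield start, buf

def unfrozen_uv_calls(text):
    """Return (line_no, command) for each uv sync/run call without --frozen."""
    findings = []
    for no, line in logical_lines(text):
        if line.lstrip().startswith("#"):  # skip full-line comments
            continue
        for m in UV_CALL.finditer(line):
            sub, args = m.group(1), m.group(2).split()
            if sub == "run":
                # Only options before the program name belong to uv;
                # anything after it is handed to the program (alembic).
                # Assumption: uv options with values use --opt=value.
                uv_opts = []
                for tok in args:
                    if not tok.startswith("-"):
                        break
                    uv_opts.append(tok)
                args = uv_opts
            if "--frozen" not in args:
                findings.append((no, f"uv {sub}"))
    return findings

# Constructed sample inputs modelled on the two files named in the issue.
DOCKERFILE_BEFORE = "FROM python:3.12-slim\nCOPY pyproject.toml uv.lock ./\nRUN uv sync \\\n    --no-dev\n"
WORKFLOW_BEFORE = "steps:\n  - name: Run migrations\n    run: uv run alembic upgrade head\n"

if __name__ == "__main__":
    for name, text in (("Dockerfile", DOCKERFILE_BEFORE), ("workflow", WORKFLOW_BEFORE)):
        for no, cmd in unfrozen_uv_calls(text):
            print(f"{name}:{no}: {cmd} without --frozen")
```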