RTECO-992 - Added support for uv package manager

[agrasth]

• All tests have passed. If this feature is not already covered by the tests, new tests have been added.
• The pull request is targeting the master branch.
• The code has been validated to compile successfully by running go vet ./....
• The code has been formatted properly using go fmt ./....

---

Adds jf uv — a transparent wrapper over the uv CLI with Artifactory credential injection, build-info collection, and full support for all uv subcommands (sync, lock, add, remove, build, publish, run, tree, etc.).

How it works

jf uv <args> behaves identically to uv <args> with two additions:

1. Credential injection — Artifactory index credentials are set as UV_INDEX_* env vars before calling uv, following UV's own auth priority chain (env vars → embedded URL → netrc → jf config)
2. Build-info collection — after the command completes, dependency and artifact information is recorded locally for later publishing via jf rt bp

Typical workflow

jf uv sync    --build-name myapp --build-number $BUILD_NUM   # collect deps
jf uv build   --build-name myapp --build-number $BUILD_NUM   # build wheel/sdist
jf uv publish --build-name myapp --build-number $BUILD_NUM   # upload + record artifacts
jf rt bp myapp $BUILD_NUM                                     # publish build-info

CI/Integration notes

• Fully compatible with UV_INDEX_URL, UV_DEFAULT_INDEX, and UV_INDEX_*_USERNAME/PASSWORD env vars — jf defers to any native auth already present
• [dependency-groups] (PEP 735) and [tool.uv.dev-dependencies] both supported; --no-dev, --only-dev, --group, --only-group, --no-group, --all-groups all respected via uv pip list ground truth
• jf uv run --script <file> collects build-info from the script's own inline dependencies (not the surrounding project)
• Command is marked Hidden: true pending migration of the definition to jfrog-cli-artifactory

Test coverage

Added uv_test.go with integration tests covering: sync/lock/add/remove/build/publish pipelines, all auth methods, virtual/local/remote repo combinations, build-info verification (deps, artifacts, requestedBy chains, sha1/md5), --module, --server-id, --project, dev/group dependency handling, and CI/VCS properties.

[bhanurp]

command definition should be part of jfrog-cli-artifactory

[bhanurp]

Can we have a matrix step with latest version of python as well.

[agrasth]

Added python-version as a matrix dimension: ["3.11.5", "3.x"]. The 3.x entry always resolves to the latest stable Python 3 via actions/setup-python.

[bhanurp]

same with uv package manager as well create matrix step and check if it possible to fetch lastest version always.

[agrasth]

Added uv-version as a matrix dimension: ["0.6.17", "latest"]. The astral-sh/setup-uv action supports version: "latest" to always fetch the newest release. The version input is now templated from the matrix.

[bhanurp]

let's mark the command as hidden for now.

[agrasth]

Added Hidden: true to the uv command definition. The command definition will move to jfrog-cli-artifactory in a follow-up.

[bhanurp]

we don't need nested structs here and isn't github.com/BurntSushi/toml library used for parsing toml files?

[agrasth]

Replaced the anonymous nested struct in uvPyprojectToml with a named uvToolUv type and reused the existing uvIndexEntry type for the index slice. github.com/BurntSushi/toml was already the parser in use.

[bhanurp]

is this nested switch block? Looks like a code smell. Please avoid.

[agrasth]

Removed the nested switch entirely. The fallback path is now extracted into uvInjectPublishCredentials which uses early returns instead of nesting.

[bhanurp]

Please refactor this entire block.

[agrasth]

Refactored into two flat functions: uvApplyPublishAuth (single-level switch over all 5 priority steps) and uvInjectPublishCredentials (early-return guards for steps 4b and fallback). Call site is now a single line.