Use uv.lock for installing dependencies in Dockerfiles#2989
Use uv.lock for installing dependencies in Dockerfiles#2989JacobCoffee merged 5 commits intopython:mainfrom
Conversation
Add it to Looks like this weekend's pip release will add experimental support for installing from pylock.toml! pypa/pip#13876 Not necessarily suggesting waiting for that, there may be some edges that need polish, and pip-compile is a very good way to lock right now. |
|
We use the what we could do is migrate dockerfiles over to |
JacobCoffee
left a comment
JacobCoffee
left a comment
There was a problem hiding this comment.
dependabot changes +1, the rest needs undone
|
@JacobCoffee Gotcha, I didn't realize it was used because it wasn't used in the Dockerfiles. I didn't look in the |
sethmlarson
force-pushed
the
pin-python-requirements
branch
from
784d830 to
2f70c15
Compare
sethmlarson
force-pushed
the
pin-python-requirements
branch
from
2f70c15 to
25d0e03
Compare
sethmlarson
changed the title
|
FYI, used |
|
i cant leave code review due to platform issues so can you check @sethmlarson |
|
@JacobCoffee Yeah that looks good to me, Jacob and I discussed Dependabot updates and it sounds like Dependabot can handle Dockerfiles too. Neat! |
3 participants
Related to #2988. We also have many outstanding Dependabot PRs, so maybe even "weekly" is too often. Security updates will always get prioritized, so we don't have to worry too much about this time span being long.
I deleted
uv.lockbecause it wasn't being used at all for deployment and appears to have been added accidentally? It was added in a seemingly unrelatedREADMEcommit.cc @JacobCoffee