Skip to content

feat(CI): 👷 Create a reusable workflow for UV and make UV lockfile frozen #94

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 18 commits into from
Oct 20, 2025
Merged

feat(CI): 👷 Create a reusable workflow for UV and make UV lockfile frozen #94

merged 18 commits into from
Oct 20, 2025

Conversation

@Paillat-dev
Copy link
Member

@Paillat-dev Paillat-dev commented Sep 3, 2025
edited
Loading

Summary

Use frozen lockfile to reduce risk of supply chain attacks

Information

  • This PR fixes an issue.
  • This PR adds something new (e.g. new method or parameters).
  • This PR is a breaking change (e.g. methods or parameters removed/renamed).
  • This PR is not a code change (e.g. documentation, README, typehinting,
    examples, ...).

Checklist

  • I have searched the open pull requests for duplicates.
  • If code changes were made then they have been tested.
    • I have updated the documentation to reflect the changes.
  • If type: ignore comments were used, a comment is also left explaining why.
  • I have updated the changelog to include these changes.

@Paillat-dev Paillat-dev changed the title feat(CI): 👷 Create a reusable workflow for UV and make UV l… feat(CI): 👷 Create a reusable workflow for UV and make UV lockfile frozen Sep 3, 2025
@Paillat-dev Paillat-dev marked this pull request as draft September 3, 2025 21:09
@Paillat-dev Paillat-dev marked this pull request as ready for review September 3, 2025 21:26
@Paillat-dev Paillat-dev requested a review from a team as a code owner September 3, 2025 21:26
@Paillat-dev Paillat-dev added the don't-merge DO NOT MERGE label Sep 3, 2025
@Paillat-dev
Copy link
Member Author

Paillat-dev commented Sep 3, 2025

image

Paillat-dev and others added 5 commits September 3, 2025 23:48
@Paillat-dev @Lulalaby
👷 Create a reusable workflow for UV and make UV lockfile frozen
931e888
@Lulalaby
Update lib-checks.yml
dd76114 
Signed-off-by: Lala Sabathil <aiko@aitsys.dev>
@Lulalaby
Update sync-uv workflow reference to pycord-next
93ec750 
Signed-off-by: Lala Sabathil <aiko@aitsys.dev>
@Lulalaby
Update sync-uv workflow reference in CI configs
ba0742f 
Replaces local sync-uv.yml workflow references with remote workflow from pycord-development/pycord-next repository in all affected GitHub Actions YAML files. This ensures the latest shared workflow is used for setup steps.
@Lulalaby
Update sync-uv workflow ref to master branch
219bee1 
Changed the reference for pycord-next/.github/workflows/sync-uv.yml from 'main' to 'master' in all relevant GitHub workflow files to ensure correct branch usage for setup steps.
@Paillat-dev Paillat-dev force-pushed the uv-frozen branch 2 times, most recently from 49005a5 to 0fdf0f6 Compare September 3, 2025 21:56
Lulalaby and others added 7 commits September 3, 2025 23:58
@Lulalaby
Refactor UV sync to composite GitHub Action
40ba971 
Replaces the workflow-based sync-uv implementation with a reusable composite action in .github/actions/sync-uv/action.yml. Updates all workflows to use the new action for dependency synchronization, improving maintainability and modularity.
@Lulalaby
Fix boolean input handling in sync-uv action
3e34cc1 
Updates environment variable assignment to explicitly check for 'true' string values in inputs.no_python_downloads and inputs.frozen, ensuring correct behavior when setting UV_NO_PYTHON_DOWNLOADS and UV_FROZEN.
@Lulalaby
Improve argument building in sync-uv action
cf1b60d 
Refactored the scripts for building group and extra arguments to use explicit if statements for non-empty values and added 'set -x' for debugging. Also added '|| exit 0' to the output commands to prevent failures if output writing fails.
@Lulalaby
Update action.yml
a4b36af
@Paillat-dev
💚 Use only one bash step so we can safely not use printf
c1a0440
@Paillat-dev
💚 Forgot the set +e
a8a4aef
@Paillat-dev
💚 Use different variable names
fba292e
@Paillat-dev Paillat-dev removed the don't-merge DO NOT MERGE label Sep 3, 2025
@Paillat-dev Paillat-dev requested a review from plun1331 October 5, 2025 11:27
@Paillat-dev Paillat-dev requested a review from Copilot October 20, 2025 14:26
Copilot AI reviewed Oct 20, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR creates a reusable GitHub Actions workflow for UV dependency management and enables frozen lockfile mode to enhance supply chain security. The changes consolidate UV setup and sync operations across multiple workflow files.

Key Changes:

  • Created a new reusable action (.github/actions/sync-uv/action.yml) that handles UV installation and dependency synchronization with configurable groups and extras
  • Updated all workflow files to use the new reusable action and downgraded Python version from 3.14 to 3.13
  • Enabled frozen lockfile mode by default to prevent unexpected dependency updates

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.

Show a summary per file
File Description
.github/actions/sync-uv/action.yml New reusable action that installs UV and syncs dependencies with frozen lockfile enabled by default
.github/workflows/sync-guild-features.yml Refactored to use new UV action with dev and ci groups
.github/workflows/lib-checks.yml Updated all jobs to use new UV action with dev group
.github/workflows/docs-localization-upload.yml Migrated to new UV action with docs groups and speed/voice extras
.github/workflows/docs-localization-download.yml Migrated to new UV action with docs groups and speed/voice extras
.github/workflows/docs-checks.yml Updated to use new UV action with dev and docs groups

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@Paillat-dev Paillat-dev merged commit 0139276 into master Oct 20, 2025
7 checks passed
@Paillat-dev Paillat-dev deleted the uv-frozen branch October 20, 2025 14:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Lulalaby Lulalaby Awaiting requested review from Lulalaby Lulalaby is a code owner

@plun1331 plun1331 Awaiting requested review from plun1331

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Paillat-dev @Lulalaby