diff --git a/crates/uv/tests/lock.rs b/crates/uv/tests/lock.rs index 038350015e02..ebf8361118d6 100644 --- a/crates/uv/tests/lock.rs +++ b/crates/uv/tests/lock.rs @@ -7502,3 +7502,134 @@ fn lock_transitive_extra() -> Result<()> { Ok(()) } + +/// If a source is provided via `tool.uv.sources` _and_ a URL is provided in `project.dependencies`, +/// we raise an error. +#[test] +fn lock_mismatched_sources() -> Result<()> { + let context = TestContext::new("3.12"); + + let pyproject_toml = context.temp_dir.child("pyproject.toml"); + pyproject_toml.write_str( + r#" + [project] + name = "project" + version = "0.1.0" + requires-python = ">=3.12" + dependencies = [ + "uv-public-pypackage @ git+https://github.com/astral-test/uv-public-pypackage@0.0.2", + ] + + [tool.uv.sources] + uv-public-pypackage = { git = "https://github.com/astral-test/uv-public-pypackage", tag = "0.0.1" } + "#, + )?; + + uv_snapshot!(context.filters(), context.lock(), @r###" + success: false + exit_code: 2 + ----- stdout ----- + + ----- stderr ----- + warning: `uv lock` is experimental and may change without warning + warning: `uv.sources` is experimental and may change without warning + error: Failed to download and build: `project @ file://[TEMP_DIR]/` + Caused by: Failed to parse entry for: `uv-public-pypackage` + Caused by: Can't combine URLs from both `project.dependencies` and `tool.uv.sources` + "###); + + Ok(()) +} + +/// If a source is provided via `tool.uv.sources`, we don't enforce that the declared dependency +/// version is satisfied. +/// +/// See: +#[test] +fn lock_mismatched_versions() -> Result<()> { + let context = TestContext::new("3.12"); + + let pyproject_toml = context.temp_dir.child("pyproject.toml"); + pyproject_toml.write_str( + r#" + [project] + name = "project" + version = "0.1.0" + requires-python = ">=3.12" + dependencies = [ + "uv-public-pypackage==0.0.2", + ] + + [tool.uv.sources] + uv-public-pypackage = { git = "https://github.com/astral-test/uv-public-pypackage", tag = "0.0.1" } + "#, + )?; + + uv_snapshot!(context.filters(), context.lock(), @r###" + success: true + exit_code: 0 + ----- stdout ----- + + ----- stderr ----- + warning: `uv lock` is experimental and may change without warning + warning: `uv.sources` is experimental and may change without warning + Resolved 2 packages in [TIME] + "###); + + let lock = fs_err::read_to_string(context.temp_dir.join("uv.lock")).unwrap(); + + insta::with_settings!({ + filters => context.filters(), + }, { + assert_snapshot!( + lock, @r###" + version = 1 + requires-python = ">=3.12" + + [options] + exclude-newer = "2024-03-25 00:00:00 UTC" + + [[package]] + name = "project" + version = "0.1.0" + source = { editable = "." } + dependencies = [ + { name = "uv-public-pypackage" }, + ] + + [[package]] + name = "uv-public-pypackage" + version = "0.1.0" + source = { git = "https://github.com/astral-test/uv-public-pypackage?tag=0.0.1#0dacfd662c64cb4ceb16e6cf65a157a8b715b979" } + "### + ); + }); + + // Re-run with `--locked`. + uv_snapshot!(context.filters(), context.lock().arg("--locked"), @r###" + success: true + exit_code: 0 + ----- stdout ----- + + ----- stderr ----- + warning: `uv lock` is experimental and may change without warning + warning: `uv.sources` is experimental and may change without warning + Resolved 2 packages in [TIME] + "###); + + // Install from the lockfile. + uv_snapshot!(context.filters(), context.sync().arg("--frozen"), @r###" + success: true + exit_code: 0 + ----- stdout ----- + + ----- stderr ----- + warning: `uv sync` is experimental and may change without warning + Prepared 2 packages in [TIME] + Installed 2 packages in [TIME] + + project==0.1.0 (from file://[TEMP_DIR]/) + + uv-public-pypackage==0.1.0 (from git+https://github.com/astral-test/uv-public-pypackage@0dacfd662c64cb4ceb16e6cf65a157a8b715b979) + "###); + + Ok(()) +}