mirror of
https://github.com/astral-sh/setup-uv.git
synced 2026-06-19 19:12:26 +00:00
feat: support uv.lock as a version-file source (#918)
Adds `uv.lock` as a supported `version-file` source. When `uv` is locked as a dependency in `uv.lock`, the action now installs the exact pinned version, closing the gap reported in #682.

This is useful for deterministic CI: the same uv version is used until the lockfile is updated, which avoids "CI worked yesterday, fails today" drift and reduces supply-chain exposure from auto-installing the latest release.

The implementation mirrors the existing `version-file` parsers — a new `uv.lock` entry in the parser registry reads the `[[package]]` whose `name = "uv"` and returns its locked `version`. Scoped to explicit `version-file: uv.lock`; workspace auto-detection is left as a possible follow-up to avoid precedence ambiguity with `uv.toml` / `pyproject.toml`.

Validation (local, Node 23; dist build is esbuild-deterministic):
- `npm run all` → build clean, biome clean, package clean, jest 77/77
- New tests: 3 unit (`uv-lock-file.test.ts`) + 1 integration — exact pin resolves through the full pipeline (`uv.lock` → `0.8.17`)
- dist rebuilt + committed (single bundle, no spurious churn)

related: #682
+1
-1
@@ -7,7 +7,7 @@ inputs:
|
||||
description: "The version of uv to install e.g., `0.5.0` Defaults to the version in pyproject.toml or 'latest'."
|
||||
default: ""
|
||||
version-file:
|
||||
description: "Path to a file containing the version of uv to install. Defaults to searching for uv.toml and if not found pyproject.toml."
|
||||
description: "Path to a file containing the version of uv to install, e.g., uv.toml, pyproject.toml, .tool-versions, requirements.txt or uv.lock. Defaults to searching for uv.toml and if not found pyproject.toml."
|
||||
default: ""
|
||||
python-version:
|
||||
description: "The version of Python to set UV_PYTHON to"
|
||||
|
||||
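Review bot: The new `version-file` description lists `uv.lock` alongside the other accepted files but does not say that it is only read when named explicitly, nor what happens when the lockfile contains no `uv` package entry. Because the `version` description in the same hunk still names 'latest' as a default, a reader cannot tell from these lines whether a `uv.lock` without a locked `uv` fails the step or ends up installing the latest release, which is the outcome the pin is meant to prevent. Suggest adding a short clause stating that `uv.lock` is used only when set explicitly and what the action does when `uv` is not locked in it. The `version` description also mentions only pyproject.toml, while this line documents a uv.toml-then-pyproject.toml search order; aligning the two would avoid confusion about which file wins.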