Skip to content

Limit uv auth login pyx.dev retries to 60s #16498

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Oct 29, 2025
Merged

Limit uv auth login pyx.dev retries to 60s #16498

merged 4 commits into from
Oct 29, 2025
+11 −0

Conversation

@woodruffw
Copy link
Member

@woodruffw woodruffw commented Oct 29, 2025

Summary

Without this, a user who does uv auth login ... will retry against the service's status endpoint forever. This probably isn't what they intended (they probably walked away from their machine), so we end their login initiation session after 60 retries. Since we do a retry every second, this gives them no less than a minute to complete a login (which should be more than enough).

Test Plan

We don't have browser-negotiated login tests at the moment in CI, but I've tested this locally:

% ./target/debug/uv auth login pyx.dev
Logging in with https://api.pyx.dev/auth/cli/login/REDACTED
error: Login session timed out

(That took well over a minute, so 60s is a lower bound assuming a very optimal network roundtrip on each poll.)

@woodruffw woodruffw requested a review from zanieb October 29, 2025 15:23
@woodruffw woodruffw self-assigned this Oct 29, 2025
@woodruffw
wait the amount i meant
3d738c7 
Signed-off-by: William Woodruff <[email protected]>
@zanieb zanieb enabled auto-merge (squash) October 29, 2025 15:27
@woodruffw
Copy link
Member Author

woodruffw commented Oct 29, 2025

With explicit timeout:

 ./target/debug/uv auth login pyx.dev
Logging in with https://api.pyx.dev/auth/cli/login/REDACTED
error: Login session timed out after 60 seconds

@konstin konstin changed the title auth/login: limit the number of status retries Limit the number of uv login login retries to 60s Oct 29, 2025
@woodruffw woodruffw temporarily deployed to uv-test-registries October 29, 2025 15:31 — with GitHub Actions Inactive
@konstin konstin added the enhancement New feature or improvement to existing functionality label Oct 29, 2025
@woodruffw
Copy link
Member Author

woodruffw commented Oct 29, 2025

I'll fix that clippy issue in another PR.

@konstin
Copy link
Member

konstin commented Oct 29, 2025
edited
Loading

Clippy is a required check, we require it for merging. If you push another commit with it, the auto-merge will go through.

(I've update the PR title for the changelog)

@zanieb zanieb changed the title Limit the number of uv login login retries to 60s Limit uv auth login pyx.dev retries to 60s Oct 29, 2025
@zanieb zanieb disabled auto-merge October 29, 2025 15:39
@zanieb zanieb merged commit c6d0b41 into main Oct 29, 2025
1 check passed
@zanieb zanieb deleted the ww/limit-login-retries branch October 29, 2025 15:39
@woodruffw woodruffw temporarily deployed to uv-test-registries October 29, 2025 15:42 — with GitHub Actions Inactive
@BrewTestBot BrewTestBot mentioned this pull request Oct 29, 2025
Merged
tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request Nov 3, 2025
@tmeijn
build(deps): update astral-sh/uv to v0.9.7
03c9bcc 
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [astral-sh/uv](https://github.com/astral-sh/uv) | patch | `0.9.5` -> `0.9.7` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>astral-sh/uv (astral-sh/uv)</summary>

### [`v0.9.7`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#097)

[Compare Source](astral-sh/uv@0.9.6...0.9.7)

Released on 2025-10-30.

##### Enhancements

- Add Windows x86-32 emulation support to interpreter architecture checks ([#&#8203;13475](astral-sh/uv#13475))
- Improve readability of progress bars ([#&#8203;16509](astral-sh/uv#16509))
- Add GitHub attestations for uv release artifacts ([#&#8203;11357](astral-sh/uv#11357))

##### Bug fixes

- Drop terminal coloring from `uv auth token` output ([#&#8203;16504](astral-sh/uv#16504))
- Don't use UV\_LOCKED to enable `--check` flag ([#&#8203;16521](astral-sh/uv#16521))

### [`v0.9.6`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#096)

[Compare Source](astral-sh/uv@0.9.5...0.9.6)

Released on 2025-10-29.

This release contains an upgrade to Astral's fork of `async_zip`, which addresses potential sources of ZIP parsing differentials between uv and other Python packaging tooling. See [GHSA-pqhf-p39g-3x64](GHSA-pqhf-p39g-3x64) for additional details.

##### Security

- Address ZIP parsing differentials ([GHSA-pqhf-p39g-3x64](GHSA-pqhf-p39g-3x64))

##### Python

- Upgrade GraalPy to 25.0.1 ([#&#8203;16401](astral-sh/uv#16401))

##### Enhancements

- Add `--clear` to `uv build` to remove old build artifacts ([#&#8203;16371](astral-sh/uv#16371))
- Add `--no-create-gitignore` to `uv build` ([#&#8203;16369](astral-sh/uv#16369))
- Do not error when a virtual environment directory cannot be removed due to a busy error ([#&#8203;16394](astral-sh/uv#16394))
- Improve hint on `pip install --system` when externally managed ([#&#8203;16392](astral-sh/uv#16392))
- Running `uv lock --check` with outdated lockfile will print that `--check` was passed, instead of `--locked`  ([#&#8203;16322](astral-sh/uv#16322))
- Update `uv init` template for Maturin ([#&#8203;16449](astral-sh/uv#16449))
- Improve ordering of Python sources in logs ([#&#8203;16463](astral-sh/uv#16463))
- Restore DockerHub release images and annotations ([#&#8203;16441](astral-sh/uv#16441))

##### Bug fixes

- Check for matching Python implementation during `uv python upgrade` ([#&#8203;16420](astral-sh/uv#16420))
- Deterministically order `--find-links` distributions ([#&#8203;16446](astral-sh/uv#16446))
- Don't panic in `uv export --frozen` when the lockfile is outdated ([#&#8203;16407](astral-sh/uv#16407))
- Fix root of `uv tree` when `--package` is used with circular dependencies ([#&#8203;15908](astral-sh/uv#15908))
- Show package list with `pip freeze --quiet` ([#&#8203;16491](astral-sh/uv#16491))
- Limit `uv auth login pyx.dev` retries to 60s ([#&#8203;16498](astral-sh/uv#16498))
- Add an empty group with `uv add --group ... -r ...` ([#&#8203;16490](astral-sh/uv#16490))

##### Documentation

- Update docs for maturin build backend init template ([#&#8203;16469](astral-sh/uv#16469))
- Update docs to reflect previous changes to signal forwarding semantics ([#&#8203;16430](astral-sh/uv#16430))
- Add instructions for installing via MacPorts ([#&#8203;16039](astral-sh/uv#16039))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNjkuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE2OS4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zanieb zanieb zanieb approved these changes

Assignees

@woodruffw woodruffw

Labels

enhancement New feature or improvement to existing functionality

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@woodruffw @konstin @zanieb