ISSUE #3032: chore(uv): pin uv version to fix CI check-generated-code failure #3034

Merged
jiridanek merged 5 commits into opendatahub-io:main from jiridanek:jd/26/02/bottles_n_the_wall
Feb 27, 2026

@jiridanek (Member) commented Feb 27, 2026

Summary

The check-generated-code CI job is failing on main and all PRs because astral-sh/setup-uv@v7 with version: "latest" now installs uv 0.10.6, which produces different pylock.toml output than committed files.

Root cause: astral-sh/uv#18081 (released in uv 0.10.5, 2026-02-23) started filtering platform-specific wheels from pylock.toml even in --universal mode. This means the lock files regenerated in CI no longer match the ones committed with the older uv.

Fix: Pin the uv version in one place and have everything else read from it.

Tracking issue: #3032

Changes

  • uv.toml (new) — single source of truth: required-version = "==0.10.6". setup-uv@v7 auto-detects this when no version: input is specified.
  • 4 workflow files — removed version: "latest" from all setup-uv steps so they pick up the pin from uv.toml.
  • ci/generate_code.sh — updated the fallback pip install from uv==0.9.6 to uv==0.10.6.
  • ./uv (new) — wrapper script for local use. Reads the pinned version from uv.toml and runs it via uv tool run, so your system uv version doesn't matter. Uses the system uv directly if it already matches (fast path, ~16ms).
  • README.md — documented ./uv wrapper and alternatives (uvx, uv tool run, direct install).

How it works

uv.toml                          # required-version = "==0.10.6"
  ├── CI: setup-uv@v7            # auto-detects, installs pinned version
  ├── CI: ci/generate_code.sh    # fallback pip install matches
  └── Local: ./uv sync           # wrapper reads toml, delegates via uvx

How Has This Been Tested?

  • Ran bash ci/generate_code.sh locally with uv 0.10.6 — regenerated pylocks match, git diff is clean
  • Verified ./uv --version outputs uv 0.10.6 with a different system uv installed
  • Benchmarked ./uv wrapper overhead: ~16ms (bash with builtin regex), details in #3032 comment

Self checklist (all need to be checked):

  • Ensure that you have run make test (gmake on macOS) before asking for review
  • Changes to everything except Dockerfile.konflux files should be done in odh/notebooks and automatically synced to rhds/notebooks. For Konflux-specific changes, modify Dockerfile.konflux files directly in rhds/notebooks as these require special attention in the downstream repository and flow to the upcoming RHOAI release.

Merge criteria:

  • The commits are squashed in a cohesive manner and have meaningful messages.
  • Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
  • The developer has manually tested the changes and verified that the changes work

Summary by CodeRabbit

  • Documentation

    • Expanded setup guide for preparing Python, uv, and pytest environments, with examples and troubleshooting for pinned uv usage.
  • New Features

    • Added a project-local uv wrapper that pins and delegates to a project-specified uv version for consistent local runs.
    • Added a config file to declare the pinned uv version.
  • Chores

    • CI workflows, pre-commit configuration, and helper scripts updated to use the pinned-version workflow and the new wrapper.

@openshift-ci bot (Contributor) commented Feb 27, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@coderabbitai bot (Contributor) commented Feb 27, 2026

Walkthrough

Adds a project-local uv wrapper and uv.toml pin (==0.10.6); updates GitHub workflows to use version-file: uv.toml; switches CI and scripts to invoke the repo-local ./uv (or ${REPO_ROOT}/uv); adjusts pre-commit hooks to local uv invocations; and updates docs.

Changes

Cohort / File(s) and summary:

  • GitHub workflows (.github/workflows/build-notebooks-TEMPLATE.yaml, .github/workflows/code-quality.yaml, .github/workflows/docs.yaml, .github/workflows/piplock-renewal.yaml, .github/workflows/security.yaml): Renames step "Install the latest version of uv" to "Install uv"; replaces version: "latest" with version-file: uv.toml for astral-sh/setup-uv; piplock-renewal switches from pip install to the setup action; security.yaml moves checkout earlier and removes duplicate checkout.
  • Pre-commit configuration (.pre-commit-config.yaml): Replaces remote uv hook with a local repo: local uv-lock hook running ./uv lock --locked; bumps ruff to v0.15.4, renames/adds ruff hooks, and changes Pyright to a local ./uv run pyright invocation.
  • Documentation (README.md): Adds "Prepare Python + uv + pytest env" section; documents uv.toml pin and repo-local ./uv wrapper usage; replaces direct uv commands with ./uv and adds alternative commands and guidance for version mismatches.
  • Shell scripts (ci/generate_code.sh, scripts/pylocks_generator.sh): ci/generate_code.sh computes script/repo roots, bumps pinned uv to 0.10.6, and calls ${REPO_ROOT}/uv; scripts/pylocks_generator.sh introduces UV="${ROOT_DIR}/uv", updates all uv invocations to use that wrapper, adds presence/version checks, uses an array for constraints flags, and documents tag-filter behavior.
  • uv wrapper & config (uv, uv.toml): Adds a new Bash uv wrapper that reads required-version from uv.toml, fast-paths to system uv if versions match, otherwise runs pinned version via uv tool run uv@<version>; adds uv.toml with required-version = "==0.10.6".

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

  • Docstring Coverage: ⚠️ Warning. Explanation: Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Resolution: Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

  • Title check: ✅ Passed. The title clearly and concisely describes the main objective: pinning the uv version to fix a CI failure, with the issue reference (#3032) providing traceability.
  • Description check: ✅ Passed. The description is comprehensive, covering root cause, fix approach, specific changes, testing verification, and completing all required checklist items from the template.

@github-actions github-actions Bot added the review-requested GitHub Bot creates notification on #pr-review-ai-ide-team slack channel label Feb 27, 2026
@openshift-ci openshift-ci Bot added the size/m label Feb 27, 2026
@openshift-ci openshift-ci Bot added size/m and removed size/m labels Feb 27, 2026
@jiridanek jiridanek force-pushed the jd/26/02/bottles_n_the_wall branch from ef1b969 to 35f6347 Compare February 27, 2026 12:39
@openshift-ci openshift-ci Bot added size/l and removed size/m labels Feb 27, 2026
@jiridanek jiridanek requested review from atheo89 and jstourac and removed request for atheo89 February 27, 2026 12:39
@openshift-ci openshift-ci Bot added size/l and removed size/l labels Feb 27, 2026
@coderabbitai bot (Contributor) left a comment

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)
ci/generate_code.sh (1)

4-8: ⚠️ Potential issue | 🟠 Major

Version gate does not enforce the pinned uv release.

Line 4 only checks that uv exists. If a non-0.10.6 binary is installed, generation still runs with that version, which can reintroduce nondeterministic lockfile output.

Suggested fix
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+REPO_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)"
-uv --version || pip install "uv==0.10.6"
+command -v uv >/dev/null || pip install "uv==0.10.6"

-uv run scripts/dockerfile_fragments.py
-uv run manifests/tools/generate_kustomization.py
+"${REPO_ROOT}/uv" run scripts/dockerfile_fragments.py
+"${REPO_ROOT}/uv" run manifests/tools/generate_kustomization.py
 bash scripts/pylocks_generator.sh
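Review bot: `command -v uv >/dev/null || pip install "uv==0.10.6"` still only tests that some uv is on PATH, so the version gate named in the finding is enforced only indirectly, by routing the two `run` calls through "${REPO_ROOT}/uv". The last context line, `bash scripts/pylocks_generator.sh`, is left unchanged, so any uv call inside that script can still resolve to an unpinned binary; it should go through the same wrapper. The pip fallback pins the version string but not the artifact, so consider `--require-hashes` with a hashed requirements file if this path is expected to run in CI.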
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@ci/generate_code.sh` around lines 4 - 8, The current check only verifies `uv`
exists but not its version, so update the preflight to enforce the pinned 0.10.6
release: run `uv --version` and verify the output matches the exact version
(e.g., grep/compare to "0.10.6"), and if it does not match, install `uv==0.10.6`
(keep using the existing `pip install "uv==0.10.6"` fallback). Ensure the
verification uses the same `uv --version` command used currently and occurs
before the subsequent `uv run scripts/dockerfile_fragments.py` and `uv run
manifests/tools/generate_kustomization.py` invocations so generation only
proceeds when the exact version is present.
.github/workflows/security.yaml (1)

20-28: ⚠️ Potential issue | 🟠 Major

Move actions/checkout before setup-uv to ensure version pinning from uv.toml is discoverable.

The setup-uv@v7 action auto-detects the pinned version by reading required-version from uv.toml (or pyproject.toml) when no explicit version is provided. Since setup-uv currently runs before actions/checkout, the repository files are not yet in the workspace, causing the action to default to installing the latest version instead of the pinned requirement.

Reorder steps
+      - name: Checkout code
+        uses: actions/checkout@v6
+
       - name: Install uv
         uses: astral-sh/setup-uv@v7
         with:
           activate-environment: false
           ignore-empty-workdir: true
           enable-cache: false
-
-      - name: Checkout code
-        uses: actions/checkout@v6
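Review bot: both `uses:` lines in this reorder reference mutable tags (`actions/checkout@v6`, `astral-sh/setup-uv@v7`), so the uv binary is pinned through uv.toml while the action that downloads it can still change under the same tag. Pin each action to a full commit SHA and keep the tag as a trailing comment. With checkout now running first, also check whether `ignore-empty-workdir: true` is still needed.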
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/security.yaml around lines 20 - 28, Swap the "Checkout
code" and "Install uv" steps so actions/checkout@v6 runs before
astral-sh/setup-uv@v7; specifically, move the step named "Checkout code" to
precede the step named "Install uv" so setup-uv can read required-version from
uv.toml/pyproject.toml and honor the pinned version when no explicit version is
supplied.
🧹 Nitpick comments (1)
README.md (1)

87-99: Consider adding a note about version synchronization.

The examples hardcode version 0.10.6 in multiple places (lines 87, 91, 96, 98). If the pinned version in uv.toml is updated, these examples would need manual updates to stay accurate.

Consider adding a brief note like: "Replace 0.10.6 with the version specified in uv.toml" to help prevent the examples from becoming stale.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@README.md` around lines 87 - 99, Add a short note near the examples that
hardcode "0.10.6" advising readers to replace that version with the one pinned
in uv.toml; specifically update the sections showing "uv tool run uv@0.10.6 sync
--locked", "uv@0.10.6 sync --locked" and the installer examples using
"https://astral.sh/uv/0.10.6/install.sh" and "pip install uv==0.10.6" to include
a sentence like "Replace 0.10.6 with the version specified in uv.toml" so the
examples stay correct when the pinned version changes.

ℹ️ Review info

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 0c62db8 and 35f6347.

📒 Files selected for processing (9)
  • .github/workflows/build-notebooks-TEMPLATE.yaml
  • .github/workflows/code-quality.yaml
  • .github/workflows/docs.yaml
  • .github/workflows/security.yaml
  • .pre-commit-config.yaml
  • README.md
  • ci/generate_code.sh
  • uv
  • uv.toml

@jiridanek jiridanek force-pushed the jd/26/02/bottles_n_the_wall branch from 35f6347 to bbaf954 Compare February 27, 2026 12:56
@openshift-ci openshift-ci Bot added size/l and removed size/l labels Feb 27, 2026
@jiridanek jiridanek marked this pull request as ready for review February 27, 2026 12:57
@openshift-ci openshift-ci Bot requested a review from ysok February 27, 2026 12:57
@openshift-ci openshift-ci Bot added size/l and removed size/l labels Feb 27, 2026
@coderabbitai bot (Contributor) left a comment

Actionable comments posted: 1

🧹 Nitpick comments (1)
.github/workflows/piplock-renewal.yaml (1)

78-79: Consider making uv version pinning explicit for clarity.

The setup-uv action already defaults to discovering uv.toml automatically, so the current configuration will use your uv.toml (which specifies required-version = "==0.10.6"). However, making this explicit via version-file: uv.toml improves readability and removes reliance on the action's default behavior, which could change in future versions.

Proposed change
       - name: Install uv
         uses: astral-sh/setup-uv@v7
+        with:
+          version-file: uv.toml
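Review bot: `version-file: uv.toml` is a relative path, so this step only finds the pin if the repository has already been checked out into the workspace, and the two context lines shown here do not establish that. Confirm that a checkout step precedes `Install uv` in this job, as in the security.yaml reorder, otherwise the step has no file to read.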
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/piplock-renewal.yaml around lines 78 - 79, The workflow
step using the action astral-sh/setup-uv@v7 should explicitly pin the uv tool
version by adding the version-file input; update the step that currently
contains "uses: astral-sh/setup-uv@v7" to include the parameter version-file:
uv.toml so the action reads the required-version from uv.toml explicitly (rather
than relying on the action's default discovery).
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@uv`:
- Around line 35-36: Fast-path version check in the shell wrapper uses the
pattern [[ "$current" == "uv $version "* ]] which requires a trailing space and
therefore fails for outputs like "uv 0.10.6"; change the condition in the
wrapper (the if that assigns current with uv --version and then compares it) to
match the version as a prefix without requiring a trailing space (e.g., remove
the literal trailing space in the pattern or use a regex/pattern that accepts
end-of-line or whitespace after the version) so that outputs like "uv 0.10.6"
correctly take the fast path.


ℹ️ Review info

📥 Commits

Reviewing files that changed from the base of the PR and between 0c62db8 and bbaf954.

📒 Files selected for processing (11)
  • .github/workflows/build-notebooks-TEMPLATE.yaml
  • .github/workflows/code-quality.yaml
  • .github/workflows/docs.yaml
  • .github/workflows/piplock-renewal.yaml
  • .github/workflows/security.yaml
  • .pre-commit-config.yaml
  • README.md
  • ci/generate_code.sh
  • scripts/pylocks_generator.sh
  • uv
  • uv.toml

Comment thread uv Outdated
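The wrapper behaviour from the PR summary and the trailing-space finding on the fast-path check, as an added example that is not the project's ./uv script. Function names are hypothetical and the `uv --version` strings are constructed samples; the functions only plan the invocation, so nothing is downloaded or executed.

```bash
#!/usr/bin/env bash
# Added example, not the project's ./uv wrapper. Function names are hypothetical.

# Print X.Y.Z from a line such as: required-version = "==0.10.6"
# Returns 1 when uv.toml carries no exact (==) pin or the value is not a
# plain dotted number, so the string later placed in "uv@<version>" can
# never contain anything but digits and dots.
pinned_version() {
  # $1: path to uv.toml
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      required-version*=*'"=='*'"'*)
        v=${line#*\"==}   # drop everything up to and including "==
        v=${v%%\"*}       # drop the closing quote and what follows
        case "$v" in
          ''|*[!0-9.]*) return 1 ;;
        esac
        printf '%s\n' "$v"
        return 0
        ;;
    esac
  done < "$1"
  return 1
}

# Does `uv --version` output report exactly the pinned release?
# The output may or may not carry build info after the version, so accept
# end-of-string or a space after it, but never a longer version number.
version_matches() {
  # $1: output of `uv --version`, $2: pinned version
  case "$1" in
    "uv $2"|"uv $2 "*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the command prefix a wrapper would exec for this system uv.
plan_invocation() {
  # $1: path to uv.toml, $2: output of `uv --version` on this machine
  pin=$(pinned_version "$1") || { echo "no exact pin in $1" >&2; return 2; }
  if version_matches "$2" "$pin"; then
    echo "uv"                    # fast path: system uv already is the pin
  else
    echo "uv tool run uv@$pin"   # slow path: delegate to the pinned release
  fi
}

# Constructed sample input: a uv.toml like the one this PR adds.
demo_toml=$(mktemp)
trap 'rm -f "$demo_toml"' EXIT
printf 'required-version = "==0.10.6"\n' > "$demo_toml"

# Constructed `uv --version` outputs, with and without build info.
for out in "uv 0.10.6" "uv 0.10.6 (0000000 2026-02-24)" "uv 0.10.60" "uv 0.9.6"; do
  printf '%-34s -> %s\n' "$out" "$(plan_invocation "$demo_toml" "$out")"
done
```

A pattern that requires a space after the version rejects the first sample, and a bare prefix match accepts the third; the two-alternative `case` handles both.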
@atheo89 (Member) left a comment

/lgtm

@coderabbitai bot (Contributor) left a comment

Actionable comments posted: 1

🧹 Nitpick comments (2)
README.md (1)

80-106: Consider noting that hardcoded versions may need updates.

The alternatives section references version 0.10.6 directly in multiple places (lines 84, 88, 92, 97, 99). While the comment on line 84 says "(replace 0.10.6 below with the version from uv.toml)", these could still become stale over time.

This is acceptable as-is since the note exists, but you might consider adding a brief reminder when updating uv.toml to also update this README section.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@README.md` around lines 80 - 106, The README alternatives block currently
hardcodes version "0.10.6" in several places; update the Alternatives section so
it either uses a single visible placeholder referencing uv.toml (e.g., mention
"replace with the version in uv.toml") or add a one-line reminder to update
these examples whenever uv.toml's required-version changes; target the
Alternatives to ./uv, uvx, and "uv tool run" examples and mention
uv.toml/required-version so maintainers know to keep examples in sync.
uv (1)

39-40: Consider adding a fallback for very old system uv versions.

The slow path assumes the system uv supports uv tool run, which was introduced in uv ~0.2.x. If a user has an extremely old uv, this will fail with a confusing error.

This is a minor edge case since most users will have recent uv versions, and the script already requires uv to be installed. The failure message from old uv would still point users in the right direction.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@uv` around lines 39 - 40, The slow-path line exec uv tool run "uv@${version}"
"$@" assumes the system uv supports the "tool run" subcommand; add a detection
branch before that exec which tests whether the installed uv supports "tool run"
(e.g., via checking uv --version or probing uv tool --help) and if it does not,
fall back to a clear error or alternative: either invoke a bundled/downloaded
uvx if available or print a concise, actionable message asking the user to
upgrade uv (or use uvx) and exit. Replace the direct exec of exec uv tool run
"uv@${version}" "$@" with this conditional logic so old uv installs are handled
gracefully.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@ci/generate_code.sh`:
- Line 11: The call to scripts/pylocks_generator.sh should use the project's
pinned uv wrapper for consistency; replace the direct invocation with invoking
the wrapper (use "${REPO_ROOT}/uv" run scripts/pylocks_generator.sh) so the
pinned uv (0.10.6) is used like the earlier "${REPO_ROOT}/uv" invocations, or
alternatively update scripts/pylocks_generator.sh to call "${REPO_ROOT}/uv" for
any internal uv usage—locate the invocation in ci/generate_code.sh and the uv
calls in scripts/pylocks_generator.sh (if you choose the latter) and make them
use the "${REPO_ROOT}/uv" wrapper.


ℹ️ Review info

📥 Commits

Reviewing files that changed from the base of the PR and between bbaf954 and eff53b5.

📒 Files selected for processing (11)
  • .github/workflows/build-notebooks-TEMPLATE.yaml
  • .github/workflows/code-quality.yaml
  • .github/workflows/docs.yaml
  • .github/workflows/piplock-renewal.yaml
  • .github/workflows/security.yaml
  • .pre-commit-config.yaml
  • README.md
  • ci/generate_code.sh
  • scripts/pylocks_generator.sh
  • uv
  • uv.toml
✅ Files skipped from review due to trivial changes (1)
  • scripts/pylocks_generator.sh
🚧 Files skipped from review as they are similar to previous changes (6)
  • .github/workflows/piplock-renewal.yaml
  • .pre-commit-config.yaml
  • uv.toml
  • .github/workflows/docs.yaml
  • .github/workflows/build-notebooks-TEMPLATE.yaml
  • .github/workflows/security.yaml

Comment thread ci/generate_code.sh
@openshift-ci openshift-ci Bot added size/l and removed size/l labels Feb 27, 2026
@coderabbitai bot (Contributor) left a comment

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
scripts/pylocks_generator.sh (1)

93-100: ⚠️ Potential issue | 🟡 Minor

Validate the wrapper path explicitly before version probing.

You execute "$UV" but only preflight-check uv in PATH. If ${ROOT_DIR}/uv is missing or not executable, the script falls through to a misleading version error.

Suggested patch
-if ! command -v uv &>/dev/null; then
+if [[ ! -x "$UV" ]]; then
+  error "Expected uv wrapper at '$UV' but it is missing or not executable."
+  exit 1
+fi
+
+if ! command -v uv &>/dev/null; then
   error "uv command not found. Please install uv: https://github.com/astral-sh/uv"
   exit 1
 fi
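Review bot: `[[ ! -x "$UV" ]]` also passes when "$UV" is a directory, since directories normally carry the execute bit, so the misleading failure this check is meant to prevent can still occur. Test `-f "$UV" && -x "$UV"` instead. Keeping the `command -v uv` check after it makes sense only because the wrapper itself delegates to a system uv; a short comment saying so would stop someone deleting it as redundant.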
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@scripts/pylocks_generator.sh` around lines 93 - 100, The script checks for
`uv` in PATH but later runs "$UV" without validating the `UV` wrapper path; add
an explicit validation before probing version: ensure the `UV` variable (used in
the UV_VERSION assignment) is set and points to an executable file (e.g., test
-x "$UV"), and if not, emit a clear error and exit; update the preflight block
that currently uses `command -v uv` and the UV_VERSION assignment to first
resolve and validate the wrapper path stored in `UV` (or fall back to `command
-v uv`) so the version probe never runs against a missing/non-executable path.
🧹 Nitpick comments (1)
scripts/pylocks_generator.sh (1)

291-316: Use an argument array for --constraints to avoid path-splitting edge cases.

constraints_flag is currently a plain string expanded unquoted; paths with spaces will split into multiple args.

Suggested patch
-    local constraints_flag=""
+    local -a constraints_flag=()
     if [[ -f "$CVE_CONSTRAINTS_FILE" ]]; then
       local relative_constraints
       # Use Python for cross-platform relative path computation (realpath --relative-to is GNU-only)
       relative_constraints=$(python3 -c "import os; print(os.path.relpath('$CVE_CONSTRAINTS_FILE', '$PWD'))")
-      constraints_flag="--constraints=$relative_constraints"
+      constraints_flag=(--constraints "$relative_constraints")
     fi
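Review bot: `local -a constraints_flag=()` leaves the array empty when "$CVE_CONSTRAINTS_FILE" is absent, and expanding an empty array as "${constraints_flag[@]}" is an unbound-variable error under `set -u` on bash older than 4.4 (the macOS system bash is 3.2). If the script runs with `set -u`, expand it as `${constraints_flag[@]+"${constraints_flag[@]}"}` at the call site. The unchanged `python3 -c` context line still pastes "$CVE_CONSTRAINTS_FILE" and "$PWD" into Python source text; pass them as arguments instead.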
@@
-      $constraints_flag \
+      "${constraints_flag[@]}" \
       $index
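Review bot: `$index` on the line after the new "${constraints_flag[@]}" is still expanded unquoted, so it keeps the word-splitting and globbing behaviour this change removes for the constraints path. If it holds several flags, make it an array as well; if it holds a single value, quote it.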
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@scripts/pylocks_generator.sh` around lines 291 - 316, The constraints_flag
string can split on spaces when expanded unquoted; change it to an array and
pass it as an argument array to the pip compile invocation: when
CVE_CONSTRAINTS_FILE exists, compute relative_constraints and set
constraints_flag as an array like constraints_flag=(
"--constraints=$relative_constraints" ), then invoke the command expanding the
array as "${constraints_flag[@]}" alongside $UPGRADE_FLAG and $index so the
--constraints argument is passed as a single argument; update references to
constraints_flag and the pip call (the "$UV" pip compile ... block) accordingly.

ℹ️ Review info

📥 Commits

Reviewing files that changed from the base of the PR and between eff53b5 and 013a25c.

📒 Files selected for processing (1)
  • scripts/pylocks_generator.sh

  1. Pre-flight check (lines 93-100): Added explicit validation that $UV wrapper exists and is executable before the existing command -v uv check. This prevents a misleading version error if the wrapper is missing.
  2. Constraints flag (lines 291-316): Changed constraints_flag from a plain string to a bash array (local -a constraints_flag=()), and expanded it as "${constraints_flag[@]}" in the pip compile invocation. This avoids word-splitting on paths containing spaces.
@openshift-ci openshift-ci Bot added size/l and removed size/l labels Feb 27, 2026
@coderabbitai bot (Contributor) left a comment

Actionable comments posted: 1

ℹ️ Review info

📥 Commits

Reviewing files that changed from the base of the PR and between 013a25c and 781d4d3.

📒 Files selected for processing (1)
  • scripts/pylocks_generator.sh

Comment on lines 299 to +301
# Use Python for cross-platform relative path computation (realpath --relative-to is GNU-only)
relative_constraints=$(python3 -c "import os; print(os.path.relpath('$CVE_CONSTRAINTS_FILE', '$PWD'))")
constraints_flag="--constraints=$relative_constraints"
constraints_flag=(--constraints "$relative_constraints")
@coderabbitai bot (Contributor), Feb 27, 2026

⚠️ Potential issue | 🟡 Minor

Make relative-path computation safe for apostrophes in paths.

Line 300 embeds shell-expanded paths inside Python single-quoted literals; this breaks if either path contains '. Pass paths as argv instead.

💡 Proposed fix
-      relative_constraints=$(python3 -c "import os; print(os.path.relpath('$CVE_CONSTRAINTS_FILE', '$PWD'))")
+      relative_constraints=$(python3 -c 'import os,sys; print(os.path.relpath(sys.argv[1], sys.argv[2]))' \
+        "$CVE_CONSTRAINTS_FILE" "$PWD")
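Review bot: nothing after the `$(python3 -c ...)` substitution checks that it succeeded, so if python3 is missing or exits non-zero, `relative_constraints` is empty and the following `constraints_flag=(--constraints "$relative_constraints")` passes an empty path. Fail the assignment explicitly (for example with the script's `error` helper and `exit 1`) or test `[[ -n "$relative_constraints" ]]` before filling the array. Passing the paths as `sys.argv[1]` and `sys.argv[2]` is the right fix for the quoting problem itself.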
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@scripts/pylocks_generator.sh` around lines 299 - 301, The current python3 -c
call embeds shell-expanded $CVE_CONSTRAINTS_FILE and $PWD inside single quotes
which breaks on paths containing apostrophes; change the invocation so the shell
passes those paths as argv parameters and the inline Python reads sys.argv[1]
and sys.argv[2] and computes os.path.relpath on them, then assign that output to
relative_constraints and keep constraints_flag=(--constraints
"$relative_constraints"); ensure the shell side quotes the two positional
arguments when calling python3 so spaces and special chars are preserved.

Member Author

@coderabbitai recheck, fixed

Contributor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check the current state of the relative_constraints line in scripts/pylocks_generator.sh
cat scripts/pylocks_generator.sh | sed -n '295,305p'

Length of output: 497


@jiridanek, I can see that the array handling for constraints_flag has been fixed (great work on that!), but the apostrophe-in-path vulnerability on line 300 is still present:

Current code (line 300):

relative_constraints=$(python3 -c "import os; print(os.path.relpath('$CVE_CONSTRAINTS_FILE', '$PWD'))")

This still embeds $CVE_CONSTRAINTS_FILE and $PWD inside Python single-quoted strings, which will break if either path contains an apostrophe.

Required fix:

relative_constraints=$(python3 -c 'import os,sys; print(os.path.relpath(sys.argv[1], sys.argv[2]))' \
  "$CVE_CONSTRAINTS_FILE" "$PWD")

This passes the paths as command-line arguments to Python, avoiding string interpolation issues entirely.

Member Author

@coderabbitai this is not worth fixing, rather, rewrite whole script to python

create github issue to do that

Contributor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Create a GitHub issue to rewrite pylocks_generator.sh to Python

gh issue create \
  --repo opendatahub-io/notebooks \
  --title "Rewrite scripts/pylocks_generator.sh to Python" \
  --body "## Context

The current \`scripts/pylocks_generator.sh\` bash script is complex and has some edge cases that are difficult to handle correctly in bash (e.g., paths containing apostrophes).

Rewriting it in Python would:
- Make the code more maintainable
- Avoid shell quoting and escaping pitfalls
- Leverage Python's built-in path handling and safer subprocess management
- Improve readability and testability

## References

- Related PR: `#3034`
- Discussion: https://github.com/opendatahub-io/notebooks/pull/3034#discussion_r2864644935
- Requested by: `@jiridanek`

## Scope

Rewrite \`scripts/pylocks_generator.sh\` as a Python script while preserving all existing functionality." \
  --assignee jiridanek

Length of output: 55


@jiridanek, understood! I've created issue #3036 to track rewriting scripts/pylocks_generator.sh to Python. The issue has been assigned to you and includes links back to this PR and discussion.

The issue is available at: #3036
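
The quoting problem discussed in the review thread above, as an added example that is not code from the PR or the project: it runs the interpolated form from line 300 and the argv form from the proposed fix over the same inputs and reports where they diverge. The function names and the sample paths are constructed for illustration; it assumes python3 is on PATH.

```shell
#!/bin/sh
# Added illustration; function names and paths are hypothetical.

# Form from line 300: the shell pastes both paths into the Python source
# text, so the path bytes are parsed as part of a Python string literal.
relpath_interpolated() {
    python3 -c "import os; print(os.path.relpath('$1', '$2'))" 2>/dev/null
}

# Form from the proposed fix: the Python source is a fixed single-quoted
# string and the paths arrive as data in sys.argv.
relpath_argv() {
    python3 -c 'import os,sys; print(os.path.relpath(sys.argv[1], sys.argv[2]))' "$1" "$2"
}

# Compare both forms for one (constraints file, base dir) pair.
# Prints one word:
#   same    - both forms agree
#   differs - the interpolated form succeeded but returned another path
#   fails   - the interpolated form exited non-zero
compare_forms() {
    expected=$(relpath_argv "$1" "$2") || { echo "argv-error"; return; }
    if got=$(relpath_interpolated "$1" "$2"); then
        if [ "$got" = "$expected" ]; then
            echo "same"
        else
            echo "differs"
        fi
    else
        echo "fails"
    fi
}

# Constructed sample inputs, one "<constraints file>|<base dir>" per line.
# relpath is pure string computation here, so the paths need not exist.
run_demo() {
    while IFS='|' read -r file base; do
        printf '%-8s %s\n' "$(compare_forms "$file" "$base")" "$file"
    done <<'EOF'
/work/repo/ci/constraints.txt|/work/repo/jupyter
/work/my repo/ci/constraints.txt|/work/my repo/jupyter
/work/o'brien/ci/constraints.txt|/work/o'brien/jupyter
/work/repo/a\tb/constraints.txt|/work/repo
EOF
}

run_demo
```

The last input is the quieter failure: a backslash sequence in a directory name is read as a Python escape, so the interpolated form exits 0 with a different path instead of erroring.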

@openshift-ci
Contributor

openshift-ci Bot commented Feb 27, 2026

@jiridanek: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/images | 781d4d3 | link | true | /test images |

@jiridanek jiridanek merged commit 137aa9b into opendatahub-io:main Feb 27, 2026
13 of 16 checks passed
@jiridanek jiridanek deleted the jd/26/02/bottles_n_the_wall branch February 27, 2026 18:34
jiridanek added a commit to jiridanek/notebooks that referenced this pull request Mar 13, 2026
…generated-code failure (opendatahub-io#3034)

 The check-generated-code CI job is failing on main and all PRs because
 astral-sh/setup-uv@v7 installs version: "latest" (currently uv 0.10.6),
 which produces different pylock.toml output than the committed files.  The
 root cause is astral-sh/uv#18081
 (released in uv 0.10.5, 2026-02-23) which added wheel filtering to
 pylock.toml even in --universal mode.  See
 opendatahub-io#3032.

 Fix: pin uv version in uv.toml using required-version, remove
 version: "latest" from all workflows so setup-uv auto-detects the pin,
 and regenerate pylocks.

 1. Create uv.toml at repo root

 required-version = "==0.10.6"

 setup-uv@v7 auto-detects this and installs the pinned version.
 Locally, uv errors if the running version doesn't match.

 2. Update .github/workflows/code-quality.yaml

 Two setup-uv blocks (lines 17-24 and 46-53):
 - Remove version: "latest" line
 - Rename step from "Install the latest version of uv" to "Install uv"

 3. Update .github/workflows/docs.yaml

 One setup-uv block (lines 21-28):
 - Remove version: "latest" line
 - Rename step

 4. Update .github/workflows/security.yaml

 One setup-uv block (lines 19-26):
 - Remove version: "latest" line
 - Rename step

 5. Update .github/workflows/build-notebooks-TEMPLATE.yaml

 One setup-uv block (lines 304-311):
 - Remove version: "latest" line
 - Rename step

 6. Update ci/generate_code.sh

 Line 4 has a fallback pip install "uv==0.9.6" — update to "uv==0.10.6"
 to match the pinned version.

 7. Regenerate pylocks

 bash ci/generate_code.sh

 This regenerates the 6 affected pylock.toml files with uv 0.10.6 filtering.

 - uv.toml (new)
 - .github/workflows/code-quality.yaml
 - .github/workflows/docs.yaml
 - .github/workflows/security.yaml
 - .github/workflows/build-notebooks-TEMPLATE.yaml
 - ci/generate_code.sh
 - 6 pylock.*.toml files (regenerated)

 # Check that uv reads the required-version and doesn't error
 uv version

 # Regenerate and verify no diff
 bash ci/generate_code.sh
 git diff --stat  # should show no changes after regeneration

* ISSUE opendatahub-io#3032: chore(uv): create a ./uv wrapper to run the correct version of uv

  1. Pre-flight check (lines 93-100): Added explicit validation that $UV wrapper exists and is executable before the existing command -v uv check. This prevents a misleading version error if the wrapper
  is missing.
  2. Constraints flag (lines 291-316): Changed constraints_flag from a plain string to a bash array (local -a constraints_flag=()), and expanded it as "${constraints_flag[@]}" in the pip compile
  invocation. This avoids word-splitting on paths containing spaces.

(cherry picked from commit 137aa9b)
jiridanek added a commit to red-hat-data-services/notebooks that referenced this pull request Mar 26, 2026
…generated-code failure (opendatahub-io#3034)

(cherry picked from commit 137aa9b)
jiridanek added a commit to red-hat-data-services/notebooks that referenced this pull request Mar 26, 2026
…generated-code failure (opendatahub-io#3034)

(cherry picked from commit 137aa9b)
jiridanek added a commit to red-hat-data-services/notebooks that referenced this pull request Mar 31, 2026
…generated-code failure (opendatahub-io#3034)

(cherry picked from commit 137aa9b)
jiridanek added a commit to red-hat-data-services/notebooks that referenced this pull request Mar 31, 2026
…generated-code failure (opendatahub-io#3034)

(cherry picked from commit 137aa9b)
mtchoum1 pushed a commit to mtchoum1/notebooks that referenced this pull request Apr 16, 2026
…generated-code failure (opendatahub-io#3034)

(cherry picked from commit 137aa9b)
mtchoum1 pushed a commit to mtchoum1/notebooks that referenced this pull request Apr 16, 2026
…generated-code failure (opendatahub-io#3034)

(cherry picked from commit 137aa9b)
mtchoum1 pushed a commit to mtchoum1/notebooks that referenced this pull request Apr 16, 2026
…generated-code failure (opendatahub-io#3034)

(cherry picked from commit 137aa9b)
mtchoum1 pushed a commit to red-hat-data-services/notebooks that referenced this pull request Apr 16, 2026
…generated-code failure (opendatahub-io#3034)

(cherry picked from commit 137aa9b)
mtchoum1 pushed a commit to red-hat-data-services/notebooks that referenced this pull request Apr 16, 2026
…generated-code failure (opendatahub-io#3034)

(cherry picked from commit 137aa9b)
mtchoum1 added a commit to red-hat-data-services/notebooks that referenced this pull request Apr 16, 2026
…ck-uv

[RHAIENG-4578] ISSUE opendatahub-io#3032: chore(uv): pin uv version to fix CI check-generated-code failure (opendatahub-io#3034)

Labels

approved review-requested GitHub Bot creates notification on #pr-review-ai-ide-team slack channel size/l

Development

Successfully merging this pull request may close these issues.

CI: check-generated-code failing on main due to uv 0.10.5+ pylock.toml filtering change

2 participants