Merge pull request #832 from akaihola/more-uv

Use `uv` even more in CI

Author: akaihola

.github/workflows/python-package.yml

@@ -101,15 +101,17 @@ jobs:
           - '3.11'
           - '3.12'
           - '3.13'
-        constraints: ['']
         post_install: ['']
         include:
           - os: ubuntu-latest
             python-version: '3.9'
             post_install: uv sync --resolution lowest-direct
           - os: ubuntu-latest
             python-version: '3.13'
-            post_install: uv sync --upgrade
+            post_install: uv pip install
+                                 --upgrade
+                                 --requirements constraints-future.txt
+
     needs:
       - build-wheel
     steps:
@@ -129,13 +131,13 @@ jobs:
       - name: Download wheel uploaded by the build-wheel job
         uses: actions/download-artifact@v4
       - name: Install Darker and its dependencies from the wheel built earlier
-        run: pip install "${{needs.build-wheel.outputs.wheel-path}}[dev]"
-                         ${{ matrix.upgrade }} ${{ matrix.constraints }}
+        run: uv pip install --group=dev "${{needs.build-wheel.outputs.wheel-path}}"
       - name: Downgrade target-version when running oldest supported Black
-        if: matrix.constraints == '--constraint constraints-oldest.txt'
+        if: matrix.post_install == 'uv sync --resolution lowest-direct'
         run: |
           sed -i 's/, "py311", "py312"//' pyproject.toml
-      - name: Upgrade Black, Flynt and Isort from GitHub if future constraints are used
+      - name: Upgrade/downgrade packages for future/oldest test
+        # Upgrade Black, Flynt and Isort from GitHub if future constraints are used.
         # This can't be done in the same Pip invocation as installing Darker
         # since Darker might place an upper limit on Black, Flynt and/or Isort during
         # compatibility fixing periods.

.github/workflows/safety.yml

@@ -10,13 +10,13 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-python@v5
-      - name: Install uv
-        uses: astral-sh/setup-uv@v4
+        with:
+          python-version: '3.x'
+      - uses: astral-sh/setup-uv@v4
         with:
           enable-cache: true
           cache-dependency-glob: |
             **/setup.cfg
             **/pyproject.toml
-      - run: uvx --from pip-tools pip-compile setup.cfg
       - name: Check dependencies for known security vulnerabilities using Safety
-        run: uvx safety check --file requirements.txt
+      - run: uv pip compile pyproject.toml | uvx safety check --file -

CHANGES.rst

@@ -5,7 +5,6 @@ These features will be included in the next release:
 
 Added
 -----
-- CI workflow, enable caching of packages via uv across all actions
 - Drop python 3.8, add python 3.13 official support
 - New exit codes 2 for file not found, 3 for invalid command line arguments, 4 for
   missing dependencies and 123 for unknown failures.
@@ -64,6 +63,7 @@ Internal
 - Update to Mypy 1.15+ and use the ``explicit-any`` ignore.
 - Switch from old defunct Bandit action to ``brunohaf/action-bandit``.
 - Format YAML files to satisfy yaml-lint and fix workflow syntax.
+- Use UV across all CI workflow actions, and enable caching of packages.
 
 
 2.1.1_ - 2024-04-16

pyproject.toml

@@ -17,7 +17,7 @@ classifiers = [
 ]
 requires-python = ">=3.9"
 dependencies = [
-    "darkgraylib~=2.2.0",
+    "darkgraylib>=2.4.0,<3.0.dev0",
     "toml>=0.10.0",
     "typing_extensions>=4.0.1",
 ]