Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Switch to uv for package management #1720

Draft
wants to merge 1 commit into
base: dev
Choose a base branch
from
Draft

Switch to uv for package management #1720

wants to merge 1 commit into from

Conversation

JasonGrace2282
Copy link
Member

Warning

This PR is not yet ready to be merged. I mainly created this as an experiment,
a lot of the reviewing the updates of dependencies hasn't happened yet.

Proposed changes

  • Use uv over hand-locked requirements.txt
  • Bump (semvar compliant) packages

This PR does NOT attempt to do a python upgrade or django upgrade, but rather bump the minor/patch versions of most packages used.

TODO

  • Convert docker setup to uv
  • Pin non-semvar/NEP29 compliant packages
  • Review for breaking changes from the lockfile

Brief description of rationale

Let me just prefix this by saying I did this because bumping dependencies for Django and it's related packages is annoying to do by hand.

The Problem

Hand-locking a requirements.txt is painful, and annoying when trying to upgrade dependencies due to resolving dependency version conflicts between packages. Just using version specifiers (>=, <, etc.) fixes this problem, but introduces the possibility of using difference packages during development vs during deployment. This is what build frontends (such as uv, pipenv, and/or poetry (not to be confused with the poetry build backend)) aim to fix. They allow using version specifiers, and create a lock file with pinned versions of each dependency (including transitive ones)!

Why uv?

The problem with tools like poetry and pipenv is that creating this lock file, or installing from the lock file is annoyingly slow. uv is written in rust, and is much more snappy at resolving dependency matches, installs packages/wheels faster, and gives better error messages when a dependency conflict arises.

Another huge benefit of uv is that production scripts don't need to upgraded (much). uv can convert a uv.lock into a requirements.txt automatically (including pinned transitive dependencies, which are dependencies of dependencies):

pip install -U uv
uv export --no-dev -o requirements.txt
uv pip install --system -r requirements.txt

Note

The produced requirements.txt is platform dependent, and as such is not checked into git

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@JasonGrace2282