Open
Conversation
- Created pyproject.toml with all dependencies from Pipfile - Updated Makefile to use uv instead of pipenv - Updated GitHub Actions workflows (tests.yml, pylint.yml, playwright.yml) - Updated Dockerfile to use uv - Updated setup_e2e_tests.sh script - Updated README.md documentation - Updated .github/copilot-instructions.md Co-authored-by: gkorland <753206+gkorland@users.noreply.github.com>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| python -m pip install --upgrade pip | ||
| pip install pipenv | ||
| - name: Install uv | ||
| uses: astral-sh/setup-uv@v5 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
| python -m pip install --upgrade pip | ||
| pip install pipenv | ||
| - name: Install uv | ||
| uses: astral-sh/setup-uv@v5 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium test
- Generated uv.lock file with all dependencies - Removed Pipfile and Pipfile.lock - Updated pyproject.toml with hatch build config for api package Co-authored-by: gkorland <753206+gkorland@users.noreply.github.com>
Claude
AI
changed the title
Dependency ReviewThe following issues were found:
Vulnerabilitiesuv.lock
License Issues.github/workflows/tests.yml
pyproject.toml
uv.lock
OpenSSF ScorecardScorecard details
Scanned Files
|
|
|
||
| # Install uv | ||
| - name: Install uv | ||
| uses: astral-sh/setup-uv@v5 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
Contributor
|
@claude[agent] please fix the CI and review the comment on the PR |
- Updated .github/workflows/tests.yml to use 'uv run python -m pytest' - Updated .github/workflows/pylint.yml to use 'uv run python -m pylint' - Updated Makefile test and lint commands to use 'python -m' syntax - Updated README.md and copilot-instructions.md with correct commands - Updated setup_e2e_tests.sh with correct pytest command This fixes the CI failures where uv couldn't find pytest/pylint executables. Co-authored-by: gkorland <753206+gkorland@users.noreply.github.com>
Contributor
Author
Fixed the CI failures in commit 8a6745f. The issue was that |
Claude
AI
changed the title
Contributor
There was a problem hiding this comment.
Pull request overview
This PR migrates the project from Pipfile/pipenv to pyproject.toml/uv for faster dependency resolution and modern Python packaging standards (PEP 621). The migration removes the old Pipfile/Pipfile.lock and introduces pyproject.toml with hatchling as the build backend, along with a uv.lock file containing 135 resolved packages. All build tools, CI/CD workflows, and documentation have been updated to use uv commands instead of pipenv.
Changes:
- Converted Pipfile dependencies to pyproject.toml with PEP 621 compliance and configured hatchling build backend
- Updated Makefile, Dockerfile, setup scripts, and all CI/CD workflows to use uv instead of pipenv
- Updated README and copilot-instructions documentation to reflect the new uv-based workflow
Reviewed changes
Copilot reviewed 10 out of 12 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| pyproject.toml | New configuration file defining project metadata, dependencies, and build system with hatchling |
| uv.lock | Generated lockfile with 135 resolved packages and their exact versions |
| Pipfile | Removed old pipenv configuration |
| Dockerfile | Updated to use ghcr.io/astral-sh/uv image and uv sync commands |
| Makefile | Replaced all pipenv commands with uv equivalents (uv sync, uv run) |
| setup_e2e_tests.sh | Updated to check for uv installation and use uv commands |
| .github/workflows/tests.yml | Uses astral-sh/setup-uv@v5 action instead of pipenv installation |
| .github/workflows/pylint.yml | Uses astral-sh/setup-uv@v5 action instead of pipenv installation |
| .github/workflows/playwright.yml | Uses astral-sh/setup-uv@v5 action instead of pipenv installation |
| README.md | Updated all documentation to reference uv instead of pipenv |
| .github/copilot-instructions.md | Updated setup instructions and troubleshooting guide for uv |
Comment on lines
+46
to
+52
| [tool.pytest.ini_options] | ||
| testpaths = ["tests"] | ||
| python_files = ["test_*.py"] | ||
| python_classes = ["Test*"] | ||
| python_functions = ["test_*"] | ||
| addopts = "-v" | ||
|
|
There was a problem hiding this comment.
The pyproject.toml now includes pytest configuration that duplicates settings in pytest.ini. The pytest.ini file has more comprehensive settings including markers (e2e, slow, auth, integration, unit), filterwarnings, and additional addopts like --strict-markers and --disable-warnings. Consider either removing pytest.ini and migrating all settings to pyproject.toml, or removing the duplicate [tool.pytest.ini_options] section from pyproject.toml to avoid configuration conflicts. For consistency in modern Python projects, consolidating all tool configuration in pyproject.toml is recommended.
Suggested change
| [tool.pytest.ini_options] | |
| testpaths = ["tests"] | |
| python_files = ["test_*.py"] | |
| python_classes = ["Test*"] | |
| python_functions = ["test_*"] | |
| addopts = "-v" |
Comment on lines
+37
to
+38
| # Install Python dependencies from pyproject.toml | ||
| RUN uv sync --frozen --no-dev |
There was a problem hiding this comment.
The Dockerfile uses 'uv sync --frozen --no-dev' which installs only production dependencies. However, this approach expects an activated virtual environment. Since the Dockerfile doesn't create or activate a virtual environment and doesn't set UV_SYSTEM_PYTHON=1, uv will create a virtual environment at /app/.venv by default. Consider either: (1) adding 'ENV UV_SYSTEM_PYTHON=1' before the uv sync command to install packages system-wide, which matches the previous pipenv behavior with --system flag, or (2) explicitly activating the virtual environment in subsequent RUN commands and the ENTRYPOINT.
gkorland
changed the title
Contributor
|
@claude[agent] please resolve the conflicts in this PR |
Contributor
Author
|
@gkorland Unfortunately I hit an unexpected error while processing your comment. I've automatically reported this to GitHub. You can ask me to try again later by mentioning me in a new comment. If you want to contact GitHub about this error, please mention the following identifier so they can better serve you: Sorry for the inconvenience! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Original prompt