@booxter booxter commented Jun 18, 2025

This allows repos to set UV_INDEX= and still use fresh versions for
packages from the default index (pypi).

Also, remove unset for a variable that is not used by uv.

Signed-off-by: Ihar Hrachyshka [email protected]

Checklist:

  • Commit Message Formatting: Commit titles and messages follow guidelines in the conventional commits.
  • Changelog updated with breaking and/or notable changes for the next minor release.
  • Documentation has been added and/or updated, if applicable.
  • Unit tests have been added and/or updated. (If this is not applicable, please provide a justification.)
  • Integration testing has been performed, if applicable


CONSTRAINTS_FILE=constraints-dev.txt

export UV_INDEX_STRATEGY=unsafe-best-match
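
Review bot: The `export UV_INDEX_STRATEGY=unsafe-best-match` line has no comment in the script saying why an `unsafe-` strategy is acceptable here, so the rationale exists only in the review thread. Because the variable is exported, it applies to every uv invocation that runs after this line, not just the one that needs fresher versions from the default index. Consider adding a short comment above the export that links the uv index documentation and states the trade-off, and, if only some commands need it, passing the strategy to those commands instead of exporting it for the whole script.
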
Contributor Author

it's called unsafe because there's an attack vector: https://docs.astral.sh/uv/concepts/indexes/#searching-across-multiple-indexes but it applies to any pip runs. Since we use pip anyway, it doesn't seem to make it any worse than status quo.
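
What the strategy switch changes during resolution, as an added example that is not part of this PR or of uv's own code: a simplified model of uv's documented `first-index` and `unsafe-best-match` strategies, run over constructed index listings. The index names, packages and versions are made up, and every listed version is assumed to be compatible with the requirement.

```python
# Added example: simplified model of two uv index strategies. Index names,
# packages and versions are constructed; all versions are assumed compatible.

def parse(version):
    """Turn a dotted numeric version like '2.7.1' into a comparable tuple."""
    return tuple(int(part) for part in version.split("."))

def resolve(name, indexes, strategy):
    """Return (index_name, version) chosen for `name`, or None if absent.
    `indexes` is ordered [(index_name, {package: [versions]})]; UV_INDEX
    entries come first, the default index (PyPI) last."""
    if strategy == "first-index":
        # Only the first index that lists the package is considered.
        for index_name, packages in indexes:
            if name in packages:
                return index_name, max(packages[name], key=parse)
        return None
    if strategy == "unsafe-best-match":
        # Versions from all indexes are pooled; the highest wins.
        pool = [(parse(v), index_name, v)
                for index_name, packages in indexes
                for v in packages.get(name, [])]
        if not pool:
            return None
        # max() keeps the earliest entry on ties, so an earlier index wins.
        _, index_name, version = max(pool, key=lambda c: c[0])
        return index_name, version
    raise ValueError(f"unknown strategy: {strategy}")

def strategy_diff(indexes):
    """Map each package whose source index changes to (before, after)."""
    names = sorted({n for _, packages in indexes for n in packages})
    changed = {}
    for name in names:
        before = resolve(name, indexes, "first-index")
        after = resolve(name, indexes, "unsafe-best-match")
        if before[0] != after[0]:
            changed[name] = (before, after)
    return changed

INDEXES = [  # constructed sample data
    ("internal", {"torch": ["2.5.0", "2.5.1"], "acme-utils": ["1.2.0"]}),
    ("pypi", {"torch": ["2.7.1"], "acme-utils": ["1.3.0"], "requests": ["2.32.3"]}),
]

if __name__ == "__main__":
    for name, (before, after) in strategy_diff(INDEXES).items():
        print(f"{name}: {before} -> {after}")
```

In this sample `torch` moves to the default index, which is the effect the PR wants, and `acme-utils` moves with it, which is the case the uv documentation's warning covers.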

@courtneypacheco courtneypacheco merged commit 8a9dfec into instructlab:main Jun 18, 2025
12 checks passed
@mergify mergify bot added the one-approval label Jun 18, 2025
booxter commented Jun 18, 2025

@mergify backport release-v0.2

mergify bot commented Jun 18, 2025

backport release-v0.2

✅ Backports have been created
