Add additional flags to uv pip install command

KatieB5 · KatieB5 · commit 22308c5b3370 · 2025-12-01T17:09:05.000Z
This commit adds the `--no-deps` and
`--require-hashes` flags that had been omitted
from the `uv pip install` command, and updates the
corresponding comment.

Rationale:
- `--no-deps` ensures we only install the resolved
  dependency tree recorded in requirements.prod.txt (no additional dependency resolution).
- `--require-hashes` enforces that every package
  has a hash entry in the requirements file,
  keeping installs deterministic

Testing:
- Ran `just clean`, `just prodenv`, and `just
  run-prod` locally.
diff --git a/justfile b/justfile
@@ -65,7 +65,10 @@ prodenv: requirements-prod
 
     # --no-deps so that we only install the packages explicitly listed in requirements.prod.txt.
     # https://docs.astral.sh/uv/reference/cli/#uv-pip-install--no-deps
-    uv pip install -r requirements.prod.txt
+    #--require-hashes enforces that every package has a hash entry in
+    # the requirements file, keeping installs deterministic
+    # https://docs.astral.sh/uv/reference/cli/#uv-pip-install--require-hashes
+    uv pip install --no-deps --require-hashes -r requirements.prod.txt
     touch $VIRTUAL_ENV/.prod
 
 
