feat: move from poetry to uv

[bellini666]

Summary by Sourcery

Switch project tooling and workflows from Poetry to uv and hatchling, including releases, CI, local development, and containers.

New Features:

• Add uv-based release pipeline that uses autopub to build and publish packages to PyPI.
• Introduce uv-based pre-release publishing flow driven by repository_dispatch events.

Bug Fixes:

• Inline multipart form-data encoding in upload tests to avoid relying on urllib3 internals.

Enhancements:

• Migrate project build backend from poetry-core to hatchling with explicit wheel and sdist targets.
• Update nox sessions to install project dependencies via uv sync and manage extra test dependencies per session.
• Normalize dependency group specifications in pyproject.toml for better compatibility with uv.
• Update local development, devcontainer, Gitpod, and federation-compatibility Docker images to use uv for dependency management and commands.

Build:

• Replace Poetry-based build configuration with hatchling and configure uv as the primary project manager via [tool.uv].
• Remove legacy setup.py and Poetry-specific plugin configuration from the project.

CI:

• Refactor test, lint, benchmark, e2e, federation-compatibility, codeflash, and release workflows to install dependencies and run commands using uv instead of Poetry and pip.
• Simplify the release workflow into uvx/autopub-based check and publish jobs and remove the custom bot action and release-check workflow.
• Adjust Windows and coverage jobs to run tests and coverage tools through uv and use uv.lock as the cache/watch file instead of poetry.lock.
• Update pre-release PR workflow to use uvx/autopub for version preparation, building, publishing, and commenting with uv-based install instructions.

Deployment:

• Update federation-compatibility Docker image to install and run the app with uv using uv.lock.

Documentation:

• Refresh README and CONTRIBUTING instructions to describe uv-based setup and commands for development and testing.
• Mention uv in the file upload guide as an installation option for FastAPI extras.

Tests:

• Change nox-based test matrix to use uv sync and uv-run pytest across sessions and platforms, including Windows coverage reporting via uv.
• Replace urllib3-based multipart encoding in HTTP upload tests with a local helper to build multipart/form-data bodies.

Chores:

• Remove obsolete Poetry-related files such as poetry.lock and the GitHub bot action implementation.

[sourcery-ai]

Reviewer's Guide

Migrate the project from Poetry to a uv + Hatchling toolchain for packaging, dependency management, and CI/release workflows, while cleaning up Poetry-specific tooling and making tests and documentation uv-aware.

File-Level Changes

Change	Details	Files
Switch project packaging and dependency management from Poetry to uv + Hatchling and define uv-friendly dependency groups.	Replace [tool.poetry] and Poetry-specific config with [tool.uv] default-groups in pyproject Normalize dependency-group version specifiers to uv-compatible syntax and remove nox-poetry/poetry-plugin-export Configure Hatchling wheel and sdist build targets and update build-system backend from poetry-core to hatchling	pyproject.toml
Refactor nox sessions to install and run via uv-managed environments instead of Poetry internals.	Replace @session decorators with @nox.session using explicit nox.Session types Use session.run_install with uv sync and UV_PROJECT_ENVIRONMENT to populate the session venv Replace session._session.install calls with standard session.install across all test/integration sessions	noxfile.py
Update CI test, lint, benchmark, e2e, federation, and Codeflash workflows to use uv for env setup and command execution.	Install uv via astral-sh/setup-uv with caching and rely on uv sync instead of poetry install in all workflows Run nox, pytest, mypy, coverage, and project tooling via uv run / uvx where appropriate Update workflow triggers and cache keys to depend on uv.lock instead of poetry.lock and remove explicit Python setup where uv handles it	.github/workflows/test.yml .github/workflows/e2e-tests.yml .github/workflows/federation-compatibility.yml .github/workflows/codeflash.yaml federation-compatibility/Dockerfile .gitpod.yml .devcontainer/Dockerfile
Redesign the release and pre-release automation to use autopub via uv and uv-based publishing instead of Poetry, while simplifying ancillary bot workflows.	Replace the old multi-job release/check/tweet workflow with a two-stage uv-based check-release + publish flow using autopub via uvx Use artifacts to pass .autopub data between jobs and configure UV_PUBLISH_TOKEN, GIT_USERNAME, and GIT_EMAIL for publishing Simplify pre-release workflow to run autopub commands via an AUTOPUB_CMD env using uvx, manually bump dev versions in pyproject, and publish via uv publish Remove the custom bot-action, release-check workflow, and tweet-related jobs/files	.github/workflows/release.yml .github/workflows/pre-release-pr.yml .github/bot-action/Dockerfile .github/bot-action/action.yml .github/bot-action/main.py .github/workflows/release-check.yml
Align docs and dev tooling containers with uv-based workflows instead of Poetry.	Update CONTRIBUTING and README to reference uv for dependency management, testing, and mypy, including example commands Adjust Gitpod and devcontainer Dockerfiles to install uv (and pre-commit) instead of Poetry Mention uv usage for installing extras in file upload guide	CONTRIBUTING.md README.md docs/guides/file-upload.md .gitpod.yml .devcontainer/Dockerfile
Remove Poetry lockfile and related artifacts while adding uv.lock and adjusting Docker images to use uv.	Drop poetry.lock, setup.py, and the bespoke GitHub bot-action files from the repo Add uv.lock as the new lockfile used by CI and Docker builds Update federation-compatibility Dockerfile to install and run dependencies via uv and use uv.lock	poetry.lock uv.lock setup.py .github/bot-action/Dockerfile .github/bot-action/action.yml .github/bot-action/main.py federation-compatibility/Dockerfile
Decouple tests from urllib3’s multipart helper by inlining a local multipart encoder implementation.	Remove the import of encode_multipart_formdata from urllib3 in HTTP upload tests Introduce a local _encode_multipart_formdata helper that matches urllib3 semantics using codecs/uuid Switch tests that were using encode_multipart_formdata to call the local helper instead	tests/http/test_upload.py

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've found 1 issue, and left some high level feedback:

• The repeated session.run_install("uv", "sync", ...) blocks across many nox sessions could be extracted into a small helper (e.g. _sync_project(session, no_group_integrations: bool = True)) to avoid duplication and keep the sync flags/env consistent in one place.
• In pre-release-pr.yml, the version bump logic using grep/sed on pyproject.toml assumes a single version = line and simple formatting; consider switching to a small Python/TOML snippet to read/update the version more robustly if the file structure changes.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The repeated `session.run_install("uv", "sync", ...)` blocks across many nox sessions could be extracted into a small helper (e.g. `_sync_project(session, no_group_integrations: bool = True)`) to avoid duplication and keep the sync flags/env consistent in one place.
- In `pre-release-pr.yml`, the version bump logic using `grep`/`sed` on `pyproject.toml` assumes a single `version =` line and simple formatting; consider switching to a small Python/TOML snippet to read/update the version more robustly if the file structure changes.

## Individual Comments

### Comment 1
<location> `pyproject.toml:142-143` </location>
<code_context>
+[tool.hatch.build.targets.wheel]
+packages = ["strawberry"]
+
+[tool.hatch.build.targets.sdist]
+include = ["/strawberry"]

 [tool.pytest.ini_options]
</code_context>

<issue_to_address>
**issue (bug_risk):** The sdist `include` pattern is likely too restrictive and the leading `/` may prevent matching, which can produce a broken source distribution.

With hatch, `include` paths are relative to the project root, so `"/strawberry"` likely matches nothing. Also, limiting the sdist to only the `strawberry` directory will typically omit required files like `pyproject.toml`, README, and license, leading to an incomplete sdist on PyPI.

Either remove the `[tool.hatch.build.targets.sdist]` override to rely on hatch’s defaults, or switch to a relative pattern and explicitly include required files, for example:

```toml
[tool.hatch.build.targets.sdist]
include = [
  "strawberry",
  "pyproject.toml",
  "README*",
  "LICENSE*",
]
```

and drop the leading `/` so hatch can resolve the paths correctly.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[botberry]

Hi, thanks for contributing to Strawberry 🍓!

We noticed that this PR is missing a RELEASE.md file. We use that to automatically do releases here on GitHub and, most importantly, to PyPI!

So as soon as this PR is merged, a release will be made 🚀.

Here's an example of RELEASE.md:

Release type: patch

Description of the changes, ideally with some examples, if adding a new feature.

Release type can be one of patch, minor or major. We use semver, so make sure to pick the appropriate type. If in doubt feel free to ask :)

Here's the tweet text:

🆕 Release (next) is out! Thanks to @_bellini666 for the PR 👏

Get it here 👉 https://strawberry.rocks/release/(next)

[greptile-apps]

Greptile Summary

This PR migrates the project's dependency management and build system from Poetry to uv with hatchling as the build backend. The migration is comprehensive and well-executed across all workflows and documentation.

Key Changes:

• Replaced Poetry with uv for dependency management
• Switched build backend from poetry.core.masonry.api to hatchling.build
• Updated noxfile.py to use nox.Session instead of nox_poetry.Session and use uv sync with UV_PROJECT_ENVIRONMENT
• Migrated all GitHub workflows to use astral-sh/setup-uv@v5 and uv commands
• Updated documentation in CONTRIBUTING.md to reference uv instead of Poetry
• Removed Poetry-specific dependencies like nox-poetry, poetry-plugin-export, and urllib3 (<2) workaround

Issue Found:

• The py.typed marker file is not explicitly included in the new hatchling build configuration, which may break type checking support for downstream users

Confidence Score: 4/5

• This PR is mostly safe to merge with one critical issue that needs attention
• The migration from Poetry to uv is comprehensive and well-executed across all files. However, the missing py.typed file in the build configuration is a critical issue that would break type checking support for downstream users who depend on this library. Once this is fixed, the PR would be safe to merge.
• Pay close attention to pyproject.toml - the build configuration is missing the py.typed marker file which is required for PEP 561 type checking support

Important Files Changed

Filename	Overview
pyproject.toml	Migrated from Poetry to uv with hatchling as build backend; removed poetry-specific dependencies
noxfile.py	Updated to use uv for dependency management instead of poetry-nox; clean migration
.github/workflows/test.yml	Migrated CI to use uv for dependency installation and test execution
.github/workflows/release.yml	Updated release workflow to use uv for building and publishing packages

Sequence Diagram

sequenceDiagram
    participant Dev as Developer
    participant UV as uv Tool
    participant Nox as Nox Sessions
    participant CI as GitHub Actions
    participant PyPI as PyPI Registry

    Dev->>UV: uv sync
    UV->>UV: Read pyproject.toml + uv.lock
    UV->>UV: Install dev + integrations groups
    
    Dev->>Nox: uv run nox -t tests
    Nox->>UV: session.run_install("uv", "sync")
    UV->>Nox: Install dependencies to virtualenv
    Nox->>Nox: Run pytest with test matrix
    
    CI->>CI: Trigger on push/PR
    CI->>UV: Install uv via setup-uv@v5
    CI->>UV: uv sync (with cache)
    UV->>CI: Dependencies installed
    CI->>Nox: uv run nox (test matrix)
    Nox->>CI: Test results
    
    CI->>UV: uv build (on release)
    UV->>UV: Build wheel + sdist via hatchling
    CI->>PyPI: uv publish
    PyPI->>PyPI: Package published

Loading

[greptile-apps]

_{9 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[codecov]

Codecov Report

❌ Patch coverage is 87.50000% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 94.39%. Comparing base (4d2881b) to head (539a999).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4082      +/-   ##
==========================================
+ Coverage   94.22%   94.39%   +0.16%     
==========================================
  Files         540      540              
  Lines       35499    35544      +45     
  Branches     1876     1881       +5     
==========================================
+ Hits        33449    33550     +101     
+ Misses       1739     1703      -36     
+ Partials      311      291      -20     

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[botberry]

Apollo Federation Subgraph Compatibility Results

Federation 1 Support	Federation 2 Support
_service 🟢 @key (single) 🟢 @key (multi) 🟢 @key (composite) 🟢 repeatable @key 🟢 @requires 🟢 @provides 🟢 federated tracing 🔲	@link 🟢 @shareable 🟢 @tag 🟢 @override 🟢 @inaccessible 🟢 @composeDirective 🟢 @interfaceObject 🟢

Learn more:

• Apollo Federation Subgraph Specification
• Compatibility Tests

[patrick91]

For this we need to also migrate to autopub beta :)

patrick91/rich-toolkit@fff431e

Like I did here, maybe we can pair on it? 😊

[codspeed-hq]

CodSpeed Performance Report

Merging this PR will improve performance by 42.48%

_{Comparing feat/poetry-to-uv (097aa56) with main (a3541c9)}

Summary

⚡ 31 improved benchmarks

Performance Changes

	Benchmark	BASE	HEAD	Efficiency
⚡	test_execute_large_query[with_parser_cache]	1.4 s	1 s	+34.58%
⚡	test_convert_argument_large_list[1048576]	9.4 ms	8.5 ms	+10.36%
⚡	test_execute[with_no_extensions-items_10000]	591.6 ms	420.2 ms	+40.78%
⚡	test_execute[with_resolveextension-items_10000]	1.9 s	1.5 s	+31.86%
⚡	test_parse_large_query	585 ms	447.1 ms	+30.85%
⚡	test_convert_argument_large_list[4194304]	37.5 ms	34 ms	+10.32%
⚡	test_stadium[seats_per_row_250]	6 s	4.3 s	+41.37%
⚡	test_stadium[seats_per_row_500]	12 s	8.5 s	+41.3%
⚡	test_convert_argument_large_list[262144]	2.4 ms	2.2 ms	+10.57%
⚡	test_convert_argument_large_list[16384]	207.5 µs	184.6 µs	+12.4%
⚡	test_execute[with_no_extensions-items_1000]	63.9 ms	45.8 ms	+39.66%
⚡	test_convert_argument_large_list[65536]	635.1 µs	571 µs	+11.23%
⚡	test_subscription	221.2 ms	155.2 ms	+42.48%
⚡	test_execute[with_resolveextension-items_1000]	188.3 ms	140 ms	+34.53%
⚡	test_subscription_long_run[1000]	180.6 ms	130.2 ms	+38.68%
⚡	test_execute_generic_input	497.2 ms	354.4 ms	+40.29%
⚡	test_execute[with_simpleextension-items_1000]	64.1 ms	45.9 ms	+39.56%
⚡	test_execute_large_query[baseline]	2.2 s	1.7 s	+32.16%
⚡	test_execute[with_simpleextension-items_10000]	595.7 ms	423.9 ms	+40.52%
⚡	test_subscription_long_run[20000]	3.5 s	2.5 s	+39.06%
...	...	...	...	...

ℹ️ Only the first 20 benchmarks are displayed. Go to the app to view all benchmarks.

[bellini666]

@sourcery-ai review

[sourcery-ai]

Hey - I've found 1 issue, and left some high level feedback:

• In the pre-release workflow, the version bump is implemented via a sed on pyproject.toml; consider using a small Python snippet (e.g. via uv run python -c ...) to parse and update TOML safely to avoid edge cases with formatting or multiple version = occurrences.
• The new _encode_multipart_formdata helper in tests/http/test_upload.py largely duplicates urllib3’s implementation; if the goal is to avoid the dependency, it might be worth extracting this helper into a small shared test utility module to keep tests cleaner and make future adjustments easier.
• Several workflows repeat the uvx --from autopub==1.0.0a55 --with pygithub autopub invocation; you’ve already introduced AUTOPUB_CMD in pre-release-pr.yml—consider using a similar environment variable or composite action in other workflows to centralize the autopub invocation and make future upgrades easier.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- In the pre-release workflow, the version bump is implemented via a `sed` on `pyproject.toml`; consider using a small Python snippet (e.g. via `uv run python -c ...`) to parse and update TOML safely to avoid edge cases with formatting or multiple `version =` occurrences.
- The new `_encode_multipart_formdata` helper in `tests/http/test_upload.py` largely duplicates `urllib3`’s implementation; if the goal is to avoid the dependency, it might be worth extracting this helper into a small shared test utility module to keep tests cleaner and make future adjustments easier.
- Several workflows repeat the `uvx --from autopub==1.0.0a55 --with pygithub autopub` invocation; you’ve already introduced `AUTOPUB_CMD` in `pre-release-pr.yml`—consider using a similar environment variable or composite action in other workflows to centralize the autopub invocation and make future upgrades easier.

## Individual Comments

### Comment 1
<location> `.github/workflows/pre-release-pr.yml:74-81` </location>
<code_context>
-          echo "version=$(poetry version -s)" >> $GITHUB_OUTPUT
+          $AUTOPUB_CMD prepare
+          # Get current version and append dev timestamp
+          CURRENT_VERSION=$(grep -m1 'version = ' pyproject.toml | cut -d'"' -f2)
+          DEV_VERSION="${CURRENT_VERSION}.dev.$(date '+%s')"
+          sed -i "s/version = \"${CURRENT_VERSION}\"/version = \"${DEV_VERSION}\"/" pyproject.toml
</code_context>

<issue_to_address>
**suggestion:** The version extraction in the pre-release workflow is brittle and could match unintended lines.

Using `grep 'version = '` and `cut` assumes the first matching line is the project version and that it always appears as `version = "..."`. This is fragile if another section defines `version =` or the formatting changes. Consider parsing the TOML directly (e.g. via `python -c 'import tomllib, pathlib; print(tomllib.loads(pathlib.Path("pyproject.toml").read_text())["project"]["version"])'`) or at least restricting the search to the `[project]` section to make the workflow more robust.

```suggestion
          $AUTOPUB_CMD prepare
          # Get current version from [project] using tomllib and append dev timestamp
          CURRENT_VERSION=$(python - << 'PY'
import tomllib
from pathlib import Path

data = tomllib.loads(Path("pyproject.toml").read_text())
print(data["project"]["version"])
PY
          )
          DEV_VERSION="${CURRENT_VERSION}.dev.$(date '+%s')"
          sed -i "s/version = \"${CURRENT_VERSION}\"/version = \"${DEV_VERSION}\"/" pyproject.toml
          $AUTOPUB_CMD build
          uv publish
          echo "version=${DEV_VERSION}" >> $GITHUB_OUTPUT
```
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}