feat: improve workflow speed with uv

Signed-off-by: Anatoli Nicolae <an@thundersquared.com>

fix: remove unnecessary env: block

Signed-off-by: Anatoli Nicolae <an@thundersquared.com>

Author: anatolinicolae

.github/workflows/mx1-ansible-deploy.yml

@@ -1,8 +1,6 @@
 name: Deploy mx1 with Ansible
 permissions:
   contents: read
-env:
-  PYTHON_VERSION: '3.14'
 on:
   workflow_dispatch:
     inputs:
@@ -28,27 +26,9 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v6.0.2
-      - name: Set up Python
-        uses: actions/setup-python@v6.2.0
-        with:
-          python-version: ${{ env.PYTHON_VERSION }}
-          check-latest: true
-          cache: 'pip'
-          cache-dependency-path: 'requirements.txt'
-      - name: Cache Ansible Galaxy requirements
-        uses: actions/cache@v5.0.3
-        with:
-          path: ~/.ansible
-          key: ansible-galaxy-${{ hashFiles('mx1/ansible/requirements.yml') }}
-          restore-keys: |
-            ansible-galaxy-
-      - name: Install Ansible
-        run: pip install -r requirements.txt
-      - name: Install Ansible Galaxy requirements
-        run: |
-          ansible-galaxy install -r mx1/ansible/requirements.yml --force-with-deps
-      - name: Set up inventory with secrets and SSH key
+      - name: Set up inventory, Python version, and SSH key
         run: |
+          echo "PYTHON_VERSION=$(cat .python-version)" >> "$GITHUB_ENV"
           if [ -z "${{ secrets.HOST }}" ] || [ -z "${{ secrets.USER }}" ]; then
             echo "HOST or USER secret is missing!" >&2
             exit 1
@@ -59,10 +39,33 @@ jobs:
           chmod 600 ~/.ssh/id_ed25519
           ssh-keyscan -H "${{ secrets.HOST }}" >> ~/.ssh/known_hosts
           echo "${{ secrets.HOST }} ansible_user=${{ secrets.USER }} ansible_ssh_private_key=~/.ssh/id_ed25519" > inventory
+      - name: Cache Ansible Galaxy requirements
+        uses: actions/cache@v5.0.3
+        with:
+          path: ~/.ansible
+          key: ansible-galaxy-${{ hashFiles('mx1/ansible/requirements.yml') }}
+          restore-keys: |
+            ansible-galaxy-
+      - name: Set up Python
+        uses: actions/setup-python@v6.2.0
+        with:
+          python-version-file: '.python-version'
+          check-latest: true
+      - name: Set up uv
+        uses: astral-sh/setup-uv@v7.2.1
+        with:
+          enable-cache: true
+          cache-dependency-glob: 'requirements.txt'
+      - name: Install Ansible
+        run: |
+          uv pip install -r requirements.txt
+      - name: Install Ansible Galaxy requirements
+        run: |
+          uv run ansible-galaxy install -r mx1/ansible/requirements.yml --force-with-deps
       - name: Run Ansible Playbook
         env:
           ANSIBLE_CONFIG: mx1/ansible/ansible.cfg
-          ANSIBLE_STRATEGY_PLUGINS: ${{ env.pythonLocation }}/lib/python${{ env.PYTHON_VERSION }}/site-packages/ansible_mitogen/plugins/strategy
+          ANSIBLE_STRATEGY_PLUGINS: ${{ github.workspace }}/.venv/lib/python${{ env.PYTHON_VERSION }}/site-packages/ansible_mitogen/plugins/strategy
           BORG_REPOSITORY: ${{ secrets.BORG_REPOSITORY }}
           BORG_PASSPHRASE: ${{ secrets.BORG_PASSPHRASE }}
           BORG_HEARTBEAT_URL: ${{ secrets.BORG_HEARTBEAT_URL }}
@@ -73,4 +76,4 @@ jobs:
           DOCKER_IPV6_SUBNET: ${{ secrets.DOCKER_IPV6_SUBNET }}
           SCHEDULED_RUN: ${{ github.event_name == 'schedule' || github.event.inputs.force_schedule_mode == 'true' }}
         run: |
-          ansible-playbook -i inventory mx1/ansible/playbook.yml --private-key ~/.ssh/id_ed25519
+          uv run ansible-playbook -i inventory mx1/ansible/playbook.yml --private-key ~/.ssh/id_ed25519

.github/workflows/web1-ansible-deploy.yml

@@ -1,8 +1,6 @@
 name: Deploy web1 with Ansible
 permissions:
   contents: read
-env:
-  PYTHON_VERSION: '3.14'
 on:
   workflow_dispatch:
     inputs:
@@ -28,27 +26,9 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v6.0.2
-      - name: Set up Python
-        uses: actions/setup-python@v6.2.0
-        with:
-          python-version: ${{ env.PYTHON_VERSION }}
-          check-latest: true
-          cache: 'pip'
-          cache-dependency-path: 'requirements.txt'
-      - name: Cache Ansible Galaxy requirements
-        uses: actions/cache@v5.0.3
-        with:
-          path: ~/.ansible
-          key: ansible-galaxy-${{ hashFiles('web1/ansible/requirements.yml') }}
-          restore-keys: |
-            ansible-galaxy-
-      - name: Install Ansible
-        run: pip install -r requirements.txt
-      - name: Install Ansible Galaxy requirements
-        run: |
-          ansible-galaxy install -r web1/ansible/requirements.yml --force-with-deps
-      - name: Set up inventory with secrets and SSH key
+      - name: Set up inventory, Python version, and SSH key
         run: |
+          echo "PYTHON_VERSION=$(cat .python-version)" >> "$GITHUB_ENV"
           if [ -z "${{ secrets.HOST }}" ] || [ -z "${{ secrets.USER }}" ]; then
             echo "HOST or USER secret is missing!" >&2
             exit 1
@@ -59,15 +39,38 @@ jobs:
           chmod 600 ~/.ssh/id_ed25519
           ssh-keyscan -H "${{ secrets.HOST }}" >> ~/.ssh/known_hosts
           echo "${{ secrets.HOST }} ansible_user=${{ secrets.USER }} ansible_ssh_private_key=~/.ssh/id_ed25519" > inventory
+      - name: Cache Ansible Galaxy requirements
+        uses: actions/cache@v5.0.3
+        with:
+          path: ~/.ansible
+          key: ansible-galaxy-${{ hashFiles('web1/ansible/requirements.yml') }}
+          restore-keys: |
+            ansible-galaxy-
+      - name: Set up Python
+        uses: actions/setup-python@v6.2.0
+        with:
+          python-version-file: '.python-version'
+          check-latest: true
+      - name: Set up uv
+        uses: astral-sh/setup-uv@v7.2.1
+        with:
+          enable-cache: true
+          cache-dependency-glob: 'requirements.txt'
+      - name: Install Ansible
+        run: |
+          uv pip install -r requirements.txt
+      - name: Install Ansible Galaxy requirements
+        run: |
+          uv run ansible-galaxy install -r web1/ansible/requirements.yml --force-with-deps
       - name: Run Ansible Playbook
         env:
           ANSIBLE_CONFIG: web1/ansible/ansible.cfg
-          ANSIBLE_STRATEGY_PLUGINS: ${{ env.pythonLocation }}/lib/python${{ env.PYTHON_VERSION }}/site-packages/ansible_mitogen/plugins/strategy
+          ANSIBLE_STRATEGY_PLUGINS: .venv/lib/python${{ env.PYTHON_VERSION }}/site-packages/ansible_mitogen/plugins/strategy
           MYSQL_PASSWORD: ${{ secrets.MYSQL_PASSWORD }}
           GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
           GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
           DOCKER_IPV6_SUBNET: ${{ secrets.DOCKER_IPV6_SUBNET }}
           CROWDSEC_TOKEN: ${{ secrets.CROWDSEC_TOKEN }}
           SCHEDULED_RUN: ${{ github.event_name == 'schedule' || github.event.inputs.force_schedule_mode == 'true' }}
         run: |
-          ansible-playbook -i inventory web1/ansible/playbook.yml --private-key ~/.ssh/id_ed25519
+          uv run ansible-playbook -i inventory web1/ansible/playbook.yml --private-key ~/.ssh/id_ed25519

.github/workflows/web2-ansible-deploy.yml

@@ -1,8 +1,6 @@
 name: Deploy web2 with Ansible
 permissions:
   contents: read
-env:
-  PYTHON_VERSION: '3.14'
 on:
   workflow_dispatch:
     inputs:
@@ -28,27 +26,9 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v6.0.2
-      - name: Set up Python
-        uses: actions/setup-python@v6.2.0
-        with:
-          python-version: ${{ env.PYTHON_VERSION }}
-          check-latest: true
-          cache: 'pip'
-          cache-dependency-path: 'requirements.txt'
-      - name: Cache Ansible Galaxy requirements
-        uses: actions/cache@v5.0.3
-        with:
-          path: ~/.ansible
-          key: ansible-galaxy-${{ hashFiles('web2/ansible/requirements.yml') }}
-          restore-keys: |
-            ansible-galaxy-
-      - name: Install Ansible
-        run: pip install -r requirements.txt
-      - name: Install Ansible Galaxy requirements
-        run: |
-          ansible-galaxy install -r web2/ansible/requirements.yml --force-with-deps
-      - name: Set up inventory with secrets and SSH key
+      - name: Set up inventory, Python version, and SSH key
         run: |
+          echo "PYTHON_VERSION=$(cat .python-version)" >> "$GITHUB_ENV"
           if [ -z "${{ secrets.HOST }}" ] || [ -z "${{ secrets.USER }}" ]; then
             echo "HOST or USER secret is missing!" >&2
             exit 1
@@ -59,14 +39,37 @@ jobs:
           chmod 600 ~/.ssh/id_ed25519
           ssh-keyscan -H "${{ secrets.HOST }}" >> ~/.ssh/known_hosts
           echo "${{ secrets.HOST }} ansible_user=${{ secrets.USER }} ansible_ssh_private_key=~/.ssh/id_ed25519" > inventory
+      - name: Cache Ansible Galaxy requirements
+        uses: actions/cache@v5.0.3
+        with:
+          path: ~/.ansible
+          key: ansible-galaxy-${{ hashFiles('web2/ansible/requirements.yml') }}
+          restore-keys: |
+            ansible-galaxy-
+      - name: Set up Python
+        uses: actions/setup-python@v6.2.0
+        with:
+          python-version-file: '.python-version'
+          check-latest: true
+      - name: Set up uv
+        uses: astral-sh/setup-uv@v7.2.1
+        with:
+          enable-cache: true
+          cache-dependency-glob: 'requirements.txt'
+      - name: Install Ansible
+        run: |
+          uv pip install -r requirements.txt
+      - name: Install Ansible Galaxy requirements
+        run: |
+          uv run ansible-galaxy install -r web2/ansible/requirements.yml --force-with-deps
       - name: Run Ansible Playbook
         env:
           ANSIBLE_CONFIG: web2/ansible/ansible.cfg
-          ANSIBLE_STRATEGY_PLUGINS: ${{ env.pythonLocation }}/lib/python${{ env.PYTHON_VERSION }}/site-packages/ansible_mitogen/plugins/strategy
+          ANSIBLE_STRATEGY_PLUGINS: ${{ github.workspace }}/.venv/lib/python${{ env.PYTHON_VERSION }}/site-packages/ansible_mitogen/plugins/strategy
           GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
           GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
           DOCKER_IPV6_SUBNET: ${{ secrets.DOCKER_IPV6_SUBNET }}
           CROWDSEC_TOKEN: ${{ secrets.CROWDSEC_TOKEN }}
           SCHEDULED_RUN: ${{ github.event_name == 'schedule' || github.event.inputs.force_schedule_mode == 'true' }}
         run: |
-          ansible-playbook -i inventory web2/ansible/playbook.yml --private-key ~/.ssh/id_ed25519
+          uv run ansible-playbook -i inventory web2/ansible/playbook.yml --private-key ~/.ssh/id_ed25519

.github/workflows/web3-ansible-deploy.yml

@@ -1,8 +1,6 @@
 name: Deploy web3 with Ansible
 permissions:
   contents: read
-env:
-  PYTHON_VERSION: '3.14'
 on:
   workflow_dispatch:
     inputs:
@@ -28,27 +26,9 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v6.0.2
-      - name: Set up Python
-        uses: actions/setup-python@v6.2.0
-        with:
-          python-version: ${{ env.PYTHON_VERSION }}
-          check-latest: true
-          cache: 'pip'
-          cache-dependency-path: 'requirements.txt'
-      - name: Cache Ansible Galaxy requirements
-        uses: actions/cache@v5.0.3
-        with:
-          path: ~/.ansible
-          key: ansible-galaxy-${{ hashFiles('web3/ansible/requirements.yml') }}
-          restore-keys: |
-            ansible-galaxy-
-      - name: Install Ansible
-        run: pip install -r requirements.txt
-      - name: Install Ansible Galaxy requirements
-        run: |
-          ansible-galaxy install -r web3/ansible/requirements.yml --force-with-deps
-      - name: Set up inventory with secrets and SSH key
+      - name: Set up inventory, Python version, and SSH key
         run: |
+          echo "PYTHON_VERSION=$(cat .python-version)" >> "$GITHUB_ENV"
           if [ -z "${{ secrets.HOST }}" ] || [ -z "${{ secrets.USER }}" ]; then
             echo "HOST or USER secret is missing!" >&2
             exit 1
@@ -59,10 +39,33 @@ jobs:
           chmod 600 ~/.ssh/id_ed25519
           ssh-keyscan -H "${{ secrets.HOST }}" >> ~/.ssh/known_hosts
           echo "${{ secrets.HOST }} ansible_user=${{ secrets.USER }} ansible_ssh_private_key=~/.ssh/id_ed25519" > inventory
+      - name: Cache Ansible Galaxy requirements
+        uses: actions/cache@v5.0.3
+        with:
+          path: ~/.ansible
+          key: ansible-galaxy-${{ hashFiles('web3/ansible/requirements.yml') }}
+          restore-keys: |
+            ansible-galaxy-
+      - name: Set up Python
+        uses: actions/setup-python@v6.2.0
+        with:
+          python-version-file: '.python-version'
+          check-latest: true
+      - name: Set up uv
+        uses: astral-sh/setup-uv@v7.2.1
+        with:
+          enable-cache: true
+          cache-dependency-glob: 'requirements.txt'
+      - name: Install Ansible
+        run: |
+          uv pip install -r requirements.txt
+      - name: Install Ansible Galaxy requirements
+        run: |
+          uv run ansible-galaxy install -r web3/ansible/requirements.yml --force-with-deps
       - name: Run Ansible Playbook
         env:
           ANSIBLE_CONFIG: web3/ansible/ansible.cfg
-          ANSIBLE_STRATEGY_PLUGINS: ${{ env.pythonLocation }}/lib/python${{ env.PYTHON_VERSION }}/site-packages/ansible_mitogen/plugins/strategy
+          ANSIBLE_STRATEGY_PLUGINS: ${{ github.workspace }}/.venv/lib/python${{ env.PYTHON_VERSION }}/site-packages/ansible_mitogen/plugins/strategy
           CLOUDFLARED_TOKEN: ${{ secrets.CLOUDFLARED_TOKEN }}
           MYSQL_PASSWORD: ${{ secrets.MYSQL_PASSWORD }}
           GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
@@ -71,4 +74,4 @@ jobs:
           CROWDSEC_TOKEN: ${{ secrets.CROWDSEC_TOKEN }}
           SCHEDULED_RUN: ${{ github.event_name == 'schedule' || github.event.inputs.force_schedule_mode == 'true' }}
         run: |
-          ansible-playbook -i inventory web3/ansible/playbook.yml --private-key ~/.ssh/id_ed25519
+          uv run ansible-playbook -i inventory web3/ansible/playbook.yml --private-key ~/.ssh/id_ed25519

.github/workflows/web8-ansible-deploy.yml

@@ -1,8 +1,6 @@
 name: Deploy web8 with Ansible
 permissions:
   contents: read
-env:
-  PYTHON_VERSION: '3.14'
 on:
   workflow_dispatch:
     inputs:
@@ -28,27 +26,9 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v6.0.2
-      - name: Set up Python
-        uses: actions/setup-python@v6.2.0
-        with:
-          python-version: ${{ env.PYTHON_VERSION }}
-          check-latest: true
-          cache: 'pip'
-          cache-dependency-path: 'requirements.txt'
-      - name: Cache Ansible Galaxy requirements
-        uses: actions/cache@v5.0.3
-        with:
-          path: ~/.ansible
-          key: ansible-galaxy-${{ hashFiles('web8/ansible/requirements.yml') }}
-          restore-keys: |
-            ansible-galaxy-
-      - name: Install Ansible
-        run: pip install -r requirements.txt
-      - name: Install Ansible Galaxy requirements
-        run: |
-          ansible-galaxy install -r web8/ansible/requirements.yml --force-with-deps
-      - name: Set up inventory with secrets and SSH key
+      - name: Set up inventory, Python version, and SSH key
         run: |
+          echo "PYTHON_VERSION=$(cat .python-version)" >> "$GITHUB_ENV"
           if [ -z "${{ secrets.HOST }}" ] || [ -z "${{ secrets.USER }}" ]; then
             echo "HOST or USER secret is missing!" >&2
             exit 1
@@ -59,10 +39,33 @@ jobs:
           chmod 600 ~/.ssh/id_ed25519
           ssh-keyscan -H "${{ secrets.HOST }}" >> ~/.ssh/known_hosts
           echo "${{ secrets.HOST }} ansible_user=${{ secrets.USER }} ansible_ssh_private_key=~/.ssh/id_ed25519" > inventory
+      - name: Cache Ansible Galaxy requirements
+        uses: actions/cache@v5.0.3
+        with:
+          path: ~/.ansible
+          key: ansible-galaxy-${{ hashFiles('web8/ansible/requirements.yml') }}
+          restore-keys: |
+            ansible-galaxy-
+      - name: Set up Python
+        uses: actions/setup-python@v6.2.0
+        with:
+          python-version-file: '.python-version'
+          check-latest: true
+      - name: Set up uv
+        uses: astral-sh/setup-uv@v7.2.1
+        with:
+          enable-cache: true
+          cache-dependency-glob: 'requirements.txt'
+      - name: Install Ansible
+        run: |
+          uv pip install -r requirements.txt
+      - name: Install Ansible Galaxy requirements
+        run: |
+          uv run ansible-galaxy install -r web8/ansible/requirements.yml --force-with-deps
       - name: Run Ansible Playbook
         env:
           ANSIBLE_CONFIG: web8/ansible/ansible.cfg
-          ANSIBLE_STRATEGY_PLUGINS: ${{ env.pythonLocation }}/lib/python${{ env.PYTHON_VERSION }}/site-packages/ansible_mitogen/plugins/strategy
+          ANSIBLE_STRATEGY_PLUGINS: ${{ github.workspace }}/.venv/lib/python${{ env.PYTHON_VERSION }}/site-packages/ansible_mitogen/plugins/strategy
           CLOUDFLARED_TOKEN: ${{ secrets.CLOUDFLARED_TOKEN }}
           BORG_REPOSITORY: ${{ secrets.BORG_REPOSITORY }}
           BORG_PASSPHRASE: ${{ secrets.BORG_PASSPHRASE }}
@@ -74,4 +77,4 @@ jobs:
           GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
           SCHEDULED_RUN: ${{ github.event_name == 'schedule' || github.event.inputs.force_schedule_mode == 'true' }}
         run: |
-          ansible-playbook -i inventory web8/ansible/playbook.yml --private-key ~/.ssh/id_ed25519
+          uv run ansible-playbook -i inventory web8/ansible/playbook.yml --private-key ~/.ssh/id_ed25519