Skip to content

[codex] use uv dependency lock#195

Merged
Pigbibi merged 1 commit into
mainfrom
codex/uv-dependency-sync-20260703
Jul 3, 2026
Merged

[codex] use uv dependency lock#195
Pigbibi merged 1 commit into
mainfrom
codex/uv-dependency-sync-20260703

Conversation

@Pigbibi

@Pigbibi Pigbibi commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Move CI, Docker, and Cloud Run env-sync dependency installation to pyproject.toml + a real uv.lock.
  • Keep legacy requirements.txt / constraints.txt for compatibility during the staged migration.
  • Use --no-install-project to keep this dependency-management change separate from package-layout changes.
  • Add uv workflow regression coverage and tighten .dockerignore so local venv/build artifacts are not copied into Docker context.

Validation

  • uv sync --frozen --extra test --no-install-project
  • uv run --no-sync python scripts/check_qpk_pin_consistency.py
  • uv run --no-sync python -m pytest -q tests/test_uv_dependency_workflow.py tests/test_dependency_pin_guard.py
  • uv pip check
  • uv run --no-sync ruff check --exclude external .
  • uv run --no-sync python -m pytest -q (172 passed)
  • uv run --no-sync python -m build
  • actionlint .github/workflows/ci.yml .github/workflows/sync-cloud-run-env.yml
  • git diff --check
  • docker build -t firstradeplatform-uv-sync:local .

Co-Authored-By: Codex <noreply@openai.com>
@Pigbibi Pigbibi merged commit 7ef58d6 into main Jul 3, 2026
2 checks passed
@Pigbibi Pigbibi deleted the codex/uv-dependency-sync-20260703 branch July 3, 2026 06:59

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

https://github.com/QuantStrategyLab/FirstradePlatform/blob/f5247cd6c4bc1b57b23ced6c54b2d12e214e76a7/Dockerfile#L39
P2 Badge Keep /app writable for the runtime cache

When FIRSTRADE_COOKIE_DIR is left at its default relative path (.runtime/firstrade-cookies), the service creates that directory at login via Path(...).mkdir(parents=True), but .runtime is excluded from the Docker context and WORKDIR /app remains root-owned because this copy only chowns files that are copied. The previous chown -R appuser:appuser /app allowed the non-root user to create the cache directory; with this image, default Cloud Run executions that need a Firstrade session will fail with a permission error before trading/smoke checks can run.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread .github/workflows/ci.yml
python -m pip install pytest pytest-cov ruff build

python -m pip install --upgrade pip uv
uv sync --frozen --extra test --no-install-project

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Assert the uv.lock is current before syncing

When a dependency pin in pyproject.toml changes without regenerating uv.lock (for example a QPK/UES SHA bump), this CI step still installs the old locked package set: uv sync --help describes --frozen as syncing without updating uv.lock, not checking that it matches the project metadata. I verified a dry-run after changing only the pyproject ref still planned the old locked SHA, and the pin guard does not inspect uv.lock while this install runs before the guard; the Dockerfile and env-sync workflow use the same pattern, so tests/deploys can silently run against stale dependencies unless CI uses --locked or an explicit lock freshness check.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant