Use uv-pre-commit to validate lockfile

[danielhollas]

The previous uv hook that checked whether uv lockfile is up-to-date required the developer to have uv installed. Using the official uv-pre-commit hook, this is no longer the case. The hook also updates the lock automatically, instead of just checking its status.

Here's the output that I got when I bumped the mypy package in pyproject.toml

❯ pre-commit run uv-lock --all
uv-lock..................................................................Failed
- hook id: uv-lock
- files were modified by this hook

warning: `VIRTUAL_ENV=/home/hollas/.cache/pre-commit/repovyb9qrvk/py_env-python3.12` does not match the project environment path `.venv` and will be ignored
Resolved 263 packages in 2.50s
Updated mypy v1.13.0 -> v1.14.1

(the warning is a bit unfortunate interaction between uv and pre-commit, I opened astral-sh/uv-pre-commit#36 and asked if it could be hidden so that it is not confusing for devs)

[danielhollas]

I think it's better to have this check only in one place.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.09%. Comparing base (eba6954) to head (daa3fb5).
Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #6699   +/-   ##
=======================================
  Coverage   78.09%   78.09%           
=======================================
  Files         564      564           
  Lines       42544    42544           
=======================================
  Hits        33219    33219           
  Misses       9325     9325           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[danielhollas]

Hmm, this might be a problem, looks like pre-commit.ci blocks network requests. I think I've read about this in uv issue tracked

Using CPython 3.10.12 interpreter at: /usr/bin/python3
error: Failed to generate package metadata for `aiida-core==2.6.2.post0 @ editable+.`
  Caused by: Failed to resolve requirements from `build-system.requires`
  Caused by: No solution found when resolving: `flit-core>=3.4, <4`
  Caused by: Failed to fetch: `https://pypi.org/simple/flit-core/`
  Caused by: Could not connect, are you offline?
  Caused by: Request failed after 3 retries
  Caused by: error sending request for url (https://pypi.org/simple/flit-core/)
  Caused by: client error (Connect)
  Caused by: dns error: failed to lookup address information: Temporary failure in name resolution
  Caused by: failed to lookup address information: Temporary failure in name resolution

EDIT: Indeed, this is a known issue when using dynamic metadata (such as version in our case) in `pyproject.toml: astral-sh/uv-pre-commit#35

[danielhollas]

This might get resolved in next uv version: astral-sh/uv#10622

[danielhollas]

I notified the uv maintainers about the issue that blocks this PR and they already replied and it looks like it might not be difficult to fix. Other people are hitting the same issue as well so let wait a bit for the next release. astral-sh/uv#10689

[danielhollas]

Unrelated change, this was throwing a warning in CI jobs.

[khsrali]

Thanks a lot @danielhollas

Do we need to update also here? .github/workflows/test-install.yml (where you have astral-sh/[email protected])

Is it possible to simplify this, somehow?
Right now, this has to be updated manually in like 4 places...
Maybe one idea could be to have a hook on pre-commit to read the required version from pyproject.toml and if that doesn't match with other places (action.yml, .readthedocs.yml, etc), would automatically update them.

[danielhollas]

Do we need to update also here? .github/workflows/test-install.yml (where you have astral-sh/[email protected])

Good catch. In this case, I opted to simply always install the latest uv version, since we only use it to uv pip install utils/requirements.txt (i.e. no lockfile operations) so installing latest should be safe.

[danielhollas]

Is it possible to simplify this, somehow?

I've created #6721 as a follow-up, since it is not immediately clear how to improve this, and I don't want to block this PR since it is a clear improvement over status quo. I do agree it's not ideal, but also don't see it as a huge deal. Let's discuss in #6721.

[khsrali]

Thanks @danielhollas for opening the issue #6721
I agree and LGTM! :)

[agoscinski]

why do we use here latest and not version 0.5.22 as in the install-aiida-core action. Also in that action python-version: ${{ inputs.python-version }} is specified. Should we add here also a python-version: 3.11 ?

[danielhollas]

Please see: #6699 (comment)

We're only using the uv pip install interface here so we can keep things simple.

[danielhollas]

Also in that action python-version: ${{ inputs.python-version }} is specified. Should we add here also a python-version: 3.11 ?

In the actions case, specifying the python version is needed because it has a side-effect of automatically activating the virtual environment. Again, this is not needed here we can keep things simple and not duplicate the python version information.

[agoscinski]

I see thanks for the clarification

[agoscinski]

Thanks for the work!

[agoscinski]

Sorry I did not notice this till now: Why do we accept also version 0.5.21 but bump in the other places the version to 0.5.22? I noticed that the version had be increased for some fixes. Are these fixes already included in 0.5.21?

[danielhollas]

Yes, all the fixes are in 0.5.21. We don't need to bump the minimum supported version unless really needed.