Zanie Blue
8093dfcaa9
Add a system test for the chainguard Python image ( #18460 )
...
Should require https://github.com/astral-sh/uv/pull/18457
2026-03-20 13:13:43 -05:00
Zanie Blue
cedae1aa42
Trigger system tests when the system check file changes ( #18590 )
...
Co-authored-by: Claude <noreply@anthropic.com >
2026-03-20 16:22:01 +00:00
Zanie Blue
04bbd6a6ab
Trigger benchmarks when bench workflow changes ( #18589 )
...
Co-authored-by: Claude <noreply@anthropic.com >
2026-03-20 16:19:09 +00:00
Zanie Blue
1597e9f96c
Use a Depot runner for simulated benchmarks ( #18585 )
...
Hopefully, this means we will get consistent hardware and improve
stability
2026-03-20 12:28:10 +00:00
Zanie Blue
f13abc388e
Use a Termux image with Python pre-installed instead ( #18573 )
...
Created at https://github.com/astral-sh/termux-python
Termux's package repositories seem to be horribly unstable.
2026-03-19 20:59:13 +00:00
Zanie Blue
c541a91c85
Add a test case for armv7 uv on aarch64 ( #18532 )
...
Reproduces https://github.com/astral-sh/uv/issues/18509
Related https://github.com/astral-sh/uv/pull/18517
Requires #18530
2026-03-18 18:59:47 -05:00
Zanie Blue
42c85f654f
Add support for using Python 3.6 interpreters ( #18454 )
...
Applies a patch to use Python 3.6 compatible types in our vendored
`packaging` implementation used in the interpreter query script. Adds
Python 3.6 and 3.7 test coverage in CI.
2026-03-18 18:33:30 -05:00
renovate[bot]
165b63d09e
Update docker/metadata-action action to v6 ( #18501 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[docker/metadata-action](https://redirect.github.com/docker/metadata-action )
| action | major | `v5.10.0` → `v6.0.0` |
---
### Release Notes
<details>
<summary>docker/metadata-action (docker/metadata-action)</summary>
###
[`v6.0.0`](https://redirect.github.com/docker/metadata-action/releases/tag/v6.0.0 )
[Compare
Source](https://redirect.github.com/docker/metadata-action/compare/v5.10.0...v6.0.0 )
- Node 24 as default runtime (requires [Actions Runner
v2.327.1](https://redirect.github.com/actions/runner/releases/tag/v2.327.1 )
or later) by [@​crazy-max](https://redirect.github.com/crazy-max )
in
[#​605](https://redirect.github.com/docker/metadata-action/pull/605 )
- List inputs now preserve `#` inside values while still supporting
full-line `#` comments by
[@​crazy-max](https://redirect.github.com/crazy-max ) in
[#​607](https://redirect.github.com/docker/metadata-action/pull/607 )
- Switch to ESM and update config/test wiring by
[@​crazy-max](https://redirect.github.com/crazy-max ) in
[#​602](https://redirect.github.com/docker/metadata-action/pull/602 )
- Bump lodash from 4.17.21 to 4.17.23 in
[#​588](https://redirect.github.com/docker/metadata-action/pull/588 )
- Bump [@​actions/core](https://redirect.github.com/actions/core )
from 1.11.1 to 3.0.0 in
[#​599](https://redirect.github.com/docker/metadata-action/pull/599 )
- Bump
[@​actions/github](https://redirect.github.com/actions/github )
from 6.0.1 to 9.0.0 in
[#​597](https://redirect.github.com/docker/metadata-action/pull/597 )
- Bump
[@​docker/actions-toolkit](https://redirect.github.com/docker/actions-toolkit )
from 0.68.0 to 0.79.0 in
[#​604](https://redirect.github.com/docker/metadata-action/pull/604 )
- Bump
[@​isaacs/brace-expansion](https://redirect.github.com/isaacs/brace-expansion )
from 5.0.0 to 5.0.1 in
[#​600](https://redirect.github.com/docker/metadata-action/pull/600 )
- Bump semver from 7.7.3 to 7.7.4 in
[#​603](https://redirect.github.com/docker/metadata-action/pull/603 )
**Full Changelog**:
<https://github.com/docker/metadata-action/compare/v5.10.0...v6.0.0 >
</details>
---
### Configuration
📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM, only on
Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule
defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/astral-sh/uv ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My42Ni40IiwidXBkYXRlZEluVmVyIjoiNDMuNjYuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiYnVpbGQ6c2tpcC1kb2NrZXIiLCJidWlsZDpza2lwLXJlbGVhc2UiLCJpbnRlcm5hbCJdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-18 13:26:49 +00:00
renovate[bot]
a47ae0cd35
Update docker/login-action action to v4 ( #18500 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [docker/login-action](https://redirect.github.com/docker/login-action )
| action | major | `v3.7.0` → `v4.0.0` |
---
### Release Notes
<details>
<summary>docker/login-action (docker/login-action)</summary>
###
[`v4.0.0`](https://redirect.github.com/docker/login-action/releases/tag/v4.0.0 )
[Compare
Source](https://redirect.github.com/docker/login-action/compare/v3.7.0...v4.0.0 )
- Node 24 as default runtime (requires [Actions Runner
v2.327.1](https://redirect.github.com/actions/runner/releases/tag/v2.327.1 )
or later) by [@​crazy-max](https://redirect.github.com/crazy-max )
in
[#​929](https://redirect.github.com/docker/login-action/pull/929 )
- Switch to ESM and update config/test wiring by
[@​crazy-max](https://redirect.github.com/crazy-max ) in
[#​927](https://redirect.github.com/docker/login-action/pull/927 )
- Bump [@​actions/core](https://redirect.github.com/actions/core )
from 1.11.1 to 3.0.0 in
[#​919](https://redirect.github.com/docker/login-action/pull/919 )
- Bump
[@​aws-sdk/client-ecr](https://redirect.github.com/aws-sdk/client-ecr )
from 3.890.0 to 3.1000.0 in
[#​909](https://redirect.github.com/docker/login-action/pull/909 )
[#​920](https://redirect.github.com/docker/login-action/pull/920 )
- Bump
[@​aws-sdk/client-ecr-public](https://redirect.github.com/aws-sdk/client-ecr-public )
from 3.890.0 to 3.1000.0 in
[#​909](https://redirect.github.com/docker/login-action/pull/909 )
[#​920](https://redirect.github.com/docker/login-action/pull/920 )
- Bump
[@​docker/actions-toolkit](https://redirect.github.com/docker/actions-toolkit )
from 0.63.0 to 0.77.0 in
[#​910](https://redirect.github.com/docker/login-action/pull/910 )
[#​928](https://redirect.github.com/docker/login-action/pull/928 )
- Bump
[@​isaacs/brace-expansion](https://redirect.github.com/isaacs/brace-expansion )
from 5.0.0 to 5.0.1 in
[#​921](https://redirect.github.com/docker/login-action/pull/921 )
- Bump js-yaml from 4.1.0 to 4.1.1 in
[#​901](https://redirect.github.com/docker/login-action/pull/901 )
**Full Changelog**:
<https://github.com/docker/login-action/compare/v3.7.0...v4.0.0 >
</details>
---
### Configuration
📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM, only on
Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule
defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/astral-sh/uv ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My42Ni40IiwidXBkYXRlZEluVmVyIjoiNDMuNjYuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiYnVpbGQ6c2tpcC1kb2NrZXIiLCJidWlsZDpza2lwLXJlbGVhc2UiLCJpbnRlcm5hbCJdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-18 08:15:40 -05:00
Zanie Blue
17afca33e9
Upgrade the release build runners from Windows 2022 -> 2025 ( #18528 )
...
Needed for WinGet in #17543
The `windows-latest` label already changed
https://github.blog/changelog/2025-07-31-github-actions-new-apis-and-windows-latest-migration-notice/
I don't think this should affect users.
2026-03-17 15:13:20 -05:00
renovate[bot]
ebdd2bf4b9
Update zizmorcore/zizmor-action action to v0.5.2 ( #18496 )
2026-03-16 14:44:10 -04:00
renovate[bot]
6bde8a4e63
Update taiki-e/install-action action to v2.68.25 ( #18495 )
2026-03-16 14:43:54 -04:00
renovate[bot]
d52c38980f
Update dependency astral-sh/uv to v0.10.10 ( #18489 )
2026-03-16 14:41:43 -04:00
renovate[bot]
59123af42a
Update CodSpeedHQ/action action to v4.11.1 ( #18488 )
2026-03-16 14:41:37 -04:00
renovate[bot]
24d81d2bf4
Update astral-sh/setup-uv action to v7.6.0 ( #18515 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-16 17:19:45 +00:00
Zanie Blue
34f967310f
Add an integration test for Intel conda ( #18461 )
...
Reproduces #14267 — see
https://github.com/astral-sh/uv/actions/runs/23076175099/job/67037153580
Which is resolved by https://github.com/astral-sh/uv/pull/18452 — see
https://github.com/astral-sh/uv/actions/runs/23090030294/job/67074278041
2026-03-14 17:57:49 +00:00
Zanie Blue
9753c0991b
Run the integration tests on changes ( #18465 )
2026-03-13 17:45:24 -05:00
Zanie Blue
91b73925e2
Run macOS tests whenever we build release binaries ( #18458 )
2026-03-13 19:47:01 +00:00
renovate[bot]
afd816f3cd
Update astral-sh/setup-uv action to v7.5.0 ( #18432 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [astral-sh/setup-uv](https://redirect.github.com/astral-sh/setup-uv ) |
action | minor | `v7.3.1` → `v7.5.0` |
---
### Release Notes
<details>
<summary>astral-sh/setup-uv (astral-sh/setup-uv)</summary>
###
[`v7.5.0`](https://redirect.github.com/astral-sh/setup-uv/releases/tag/v7.5.0 ):
🌈 Use `astral-sh/versions` as version provider
[Compare
Source](https://redirect.github.com/astral-sh/setup-uv/compare/v7.4.0...v7.5.0 )
### No more rate-limits
This release addresses a long-standing source of timeouts and rate-limit
failures in setup-uv.
Previously, the action resolved version identifiers like 0.5.x by
iterating over available uv releases via the GitHub API to find the best
match. In contrast, latest and exact versions such as 0.5.0 skipped
version resolution entirely and downloaded uv directly.
The `manifest-file` input was an earlier attempt to improve this. It
allows providing an url to a file that lists available versions,
checksums, and even custom download URLs. The action also shipped with
such a manifest.
However, because that bundled file could become outdated whenever new uv
releases were published, the action still had to fall back to the GitHub
API in many cases.
This release solves the problem by sourcing version data from Astral’s
versions repository via the raw content endpoint:
<https://raw.githubusercontent.com/astral-sh/versions/refs/heads/main/v1/uv.ndjson >
By using the raw endpoint instead of the GitHub API, version resolution
no longer depends on API authentication and is much less likely to run
into rate limits or timeouts.
***
> \[!TIP]
> The next section is only interesting for users of the `manifest-file`
input
The `manifest-file` input lets you override that source with your own
URL, for example to test custom uv builds or alternate download
locations.
The manifest file must be in NDJSON format, where each line is a JSON
object representing a version and its artifacts. For example:
```json
{"version":"0.10.7","artifacts":[{"platform":"x86_64-unknown-linux-gnu","variant":"default","url":"https://example.com/uv-x86_64-unknown-linux-gnu.tar.gz ","archive_format":"tar.gz","sha256":"..."}]}
{"version":"0.10.6","artifacts":[{"platform":"x86_64-unknown-linux-gnu","variant":"default","url":"https://example.com/uv-x86_64-unknown-linux-gnu.tar.gz ","archive_format":"tar.gz","sha256":"..."}]}
```
> \[!WARNING]\
> The old format still works but is deprecated. A warning will be logged
when you use it.
#### Changes
- docs: replace copilot instructions with AGENTS.md
[@​eifinger](https://redirect.github.com/eifinger )
([#​794](https://redirect.github.com/astral-sh/setup-uv/issues/794 ))
#### 🚀 Enhancements
- Use astral-sh/versions as primary version provider
[@​eifinger](https://redirect.github.com/eifinger )
([#​802](https://redirect.github.com/astral-sh/setup-uv/issues/802 ))
#### 📚 Documentation
- docs: add cross-client dependabot rollup skill
[@​eifinger](https://redirect.github.com/eifinger )
([#​793](https://redirect.github.com/astral-sh/setup-uv/issues/793 ))
###
[`v7.4.0`](https://redirect.github.com/astral-sh/setup-uv/releases/tag/v7.4.0 ):
🌈 Add riscv64 architecture support to platform detection
[Compare
Source](https://redirect.github.com/astral-sh/setup-uv/compare/v7.3.1...v7.4.0 )
##### Changes
Thank you [@​luhenry](https://redirect.github.com/luhenry ) for
adding support for riscv64 arch
##### 🚀 Enhancements
- Add riscv64 architecture support to platform detection
[@​luhenry](https://redirect.github.com/luhenry )
([#​791](https://redirect.github.com/astral-sh/setup-uv/issues/791 ))
##### 🧰 Maintenance
- Delete .github/workflows/dependabot-build.yml
[@​eifinger](https://redirect.github.com/eifinger )
([#​789](https://redirect.github.com/astral-sh/setup-uv/issues/789 ))
- Harden Dependabot build workflow
[@​eifinger](https://redirect.github.com/eifinger )
([#​788](https://redirect.github.com/astral-sh/setup-uv/issues/788 ))
- Fix: check PR author instead of event sender for Dependabot detection
[@​eifinger-bot](https://redirect.github.com/eifinger-bot )
([#​787](https://redirect.github.com/astral-sh/setup-uv/issues/787 ))
- chore: update known checksums for 0.10.9
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions )
([#​783](https://redirect.github.com/astral-sh/setup-uv/issues/783 ))
- Add workflow to auto-build dist on Dependabot PRs
[@​eifinger-bot](https://redirect.github.com/eifinger-bot )
([#​782](https://redirect.github.com/astral-sh/setup-uv/issues/782 ))
- chore: update known checksums for 0.10.8
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions )
([#​779](https://redirect.github.com/astral-sh/setup-uv/issues/779 ))
- chore: update known checksums for 0.10.7
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions )
([#​775](https://redirect.github.com/astral-sh/setup-uv/issues/775 ))
##### ⬆️ Dependency updates
- chore(deps): bump versions
[@​eifinger](https://redirect.github.com/eifinger )
([#​792](https://redirect.github.com/astral-sh/setup-uv/issues/792 ))
- Bump actions/setup-node from 6.2.0 to 6.3.0
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot )
([#​790](https://redirect.github.com/astral-sh/setup-uv/issues/790 ))
- Bump eifinger/actionlint-action from 1.10.0 to 1.10.1
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot )
([#​778](https://redirect.github.com/astral-sh/setup-uv/issues/778 ))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM, only on
Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule
defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/astral-sh/uv ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiYnVpbGQ6c2tpcC1kb2NrZXIiLCJidWlsZDpza2lwLXJlbGVhc2UiLCJpbnRlcm5hbCJdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-13 07:51:23 +00:00
Zanie Blue
273d29b8f2
Allow snapshots to be updated from failures in CI ( #18424 )
...
Persists snapshots as artifacts on test failure in CI and adds a script
to apply them locally
```
❯ ./scripts/apply-ci-snapshots.sh
Found pull request #18424 for branch 'zb/ci-snapshots'...
Found latest CI run 23022983761
Downloading pending snapshot artifacts...
Downloaded 3 artifacts
Applying 2 snapshot changes...
accepted:
crates/uv/tests/it/pip_install.rs:13679 (transitive_dependency_config_settings_invalidation-2)
crates/uv/tests/it/python_install.rs:1694 (python_install_default-5)
```
We infer the target run via the `gh` CLI. You may also provide the run
ID directly.
We'll merge snapshot artifacts from multiple platforms, so if there are
platform-specific failures on both Linux and Windows we'll apply both.
2026-03-12 17:13:28 -05:00
messense
91823b6c11
Add riscv64 musl target to build-release-binaries workflow ( #18228 )
...
## Summary
Closes #16063
## Test Plan
Test on GitHub Actions:
https://github.com/astral-sh/uv/actions/runs/22535106542/job/65281038532?pr=18228
2026-03-10 11:36:46 +01:00
renovate[bot]
e4a4e75e77
Update actions/attest-build-provenance action to v4 ( #18382 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/attest-build-provenance](https://redirect.github.com/actions/attest-build-provenance )
| action | major | `v3.2.0` → `v4.1.0` |
---
### Release Notes
<details>
<summary>actions/attest-build-provenance
(actions/attest-build-provenance)</summary>
###
[`v4.1.0`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v4.1.0 )
[Compare
Source](https://redirect.github.com/actions/attest-build-provenance/compare/v4.0.0...v4.1.0 )
> \[!NOTE]
> As of version 4, `actions/attest-build-provenance` is simply a wrapper
on top of
[`actions/attest`](https://redirect.github.com/actions/attest ).
>
> Existing applications may continue to use the
`attest-build-provenance` action, but new implementations should use
`actions/attest` instead.
#### What's Changed
- Update RELEASE.md docs by
[@​bdehamer](https://redirect.github.com/bdehamer ) in
[#​836](https://redirect.github.com/actions/attest-build-provenance/pull/836 )
- Bump `actions/attest` from 4.0.0 to 4.1.0 by
[@​bdehamer](https://redirect.github.com/bdehamer ) in
[#​838](https://redirect.github.com/actions/attest-build-provenance/pull/838 )
- Bump `@actions/attest` from 3.0.0 to 3.1.0 by
[@​bdehamer](https://redirect.github.com/bdehamer ) in
[actions/attest#362 ](https://redirect.github.com/actions/attest/pull/362 )
- Bump `@actions/attest` from 3.1.0 to 3.2.0 by
[@​bdehamer](https://redirect.github.com/bdehamer ) in
[actions/attest#365 ](https://redirect.github.com/actions/attest/pull/365 )
- Add new `subject-version` input for inclusion in storage record by
[@​bdehamer](https://redirect.github.com/bdehamer ) in
[actions/attest#364 ](https://redirect.github.com/actions/attest/pull/364 )
- Add storage record content to README by
[@​bdehamer](https://redirect.github.com/bdehamer ) in
[actions/attest#366 ](https://redirect.github.com/actions/attest/pull/366 )
**Full Changelog**:
<https://github.com/actions/attest-build-provenance/compare/v4.0.0...v4.1.0 >
###
[`v4.0.0`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v4.0.0 )
[Compare
Source](https://redirect.github.com/actions/attest-build-provenance/compare/v3.2.0...v4.0.0 )
> \[!NOTE]
> As of version 4, `actions/attest-build-provenance` is simply a wrapper
on top of
[`actions/attest`](https://redirect.github.com/actions/attest ).
>
> Existing applications may continue to use the
`attest-build-provenance` action, but new implementations should use
`actions/attest` instead.
#### What's Changed
- Prepare v4 release by
[@​bdehamer](https://redirect.github.com/bdehamer ) in
[#​835](https://redirect.github.com/actions/attest-build-provenance/pull/835 )
**Full Changelog**:
<https://github.com/actions/attest-build-provenance/compare/v3.2.0...v4.0.0 >
</details>
---
### Configuration
📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM, only on
Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule
defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/astral-sh/uv ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiYnVpbGQ6c2tpcC1kb2NrZXIiLCJidWlsZDpza2lwLXJlbGVhc2UiLCJpbnRlcm5hbCJdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-09 21:01:57 +08:00
renovate[bot]
50d5d89079
Update taiki-e/install-action action to v2.68.16 ( #18381 )
2026-03-08 22:47:13 -04:00
renovate[bot]
a653c3d09c
Update crate-ci/typos action to v1.44.0 ( #18379 )
2026-03-08 22:46:57 -04:00
renovate[bot]
cf668efe84
Update CodSpeedHQ/action action to v4.11.0 ( #18378 )
2026-03-08 22:46:49 -04:00
renovate[bot]
0a17ba5406
Update dependency astral-sh/uv to v0.10.9 ( #18374 )
2026-03-08 22:44:34 -04:00
Zanie Blue
8fedd25b41
Use uv 0.10.8 for internal workflows ( #18354 )
...
This should resolve GitHub Python download flakes
2026-03-06 19:45:40 +00:00
Zanie Blue
9345450b4c
Use cargo auditable to include SBOM in uv builds ( #18276 )
...
Inspired by #18252
This required an upstream change
https://github.com/rust-secure-code/cargo-auditable/pull/245 which is
now released.
This increases binary sizes slightly, ~4KB.
The cargo wrapper implementation will be extended in #18280 to code sign
binaries.
2026-03-06 11:38:02 -06:00
Zanie Blue
a13ba947c9
Add a development build of aarch64-linux-android to CI ( #18333 )
...
Part of https://github.com/astral-sh/uv/issues/14574
Adds a cross-compiled build for the `aarch64-linux-android` target using
the Android NDK available on the runner.
Requires #18324
2026-03-06 16:45:20 +00:00
Zanie Blue
bb8970a982
Add a Termux integration test ( #18332 )
...
After this, I want to figure out how to unify more of the smoke, system,
and integration tests, but this seems like a sufficient start for Termux
testing.
2026-03-06 16:44:16 +00:00
Zanie Blue
ccd1ea99ae
Skip building of dhi images in contributor pull requests ( #18330 )
...
These require authentication to pull.
2026-03-06 10:22:41 -06:00
renovate[bot]
686f43e67e
Update PyO3/maturin-action action to v1.50.1 ( #18343 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [PyO3/maturin-action](https://redirect.github.com/PyO3/maturin-action )
| action | patch | `v1.50.0` → `v1.50.1` |
---
### Release Notes
<details>
<summary>PyO3/maturin-action (PyO3/maturin-action)</summary>
###
[`v1.50.1`](https://redirect.github.com/PyO3/maturin-action/releases/tag/v1.50.1 )
[Compare
Source](https://redirect.github.com/PyO3/maturin-action/compare/v1.50.0...v1.50.1 )
##### What's Changed
- Remove ziglang bound by
[@​konstin](https://redirect.github.com/konstin ) in
[#​418](https://redirect.github.com/PyO3/maturin-action/pull/418 )
- Try reactivating Windows ARM by
[@​konstin](https://redirect.github.com/konstin ) in
[#​419](https://redirect.github.com/PyO3/maturin-action/pull/419 )
**Full Changelog**:
<https://github.com/PyO3/maturin-action/compare/v1...v1.50.1 >
</details>
---
### Configuration
📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM, only on
Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule
defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/astral-sh/uv ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41Ni4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiYnVpbGQ6c2tpcC1kb2NrZXIiLCJidWlsZDpza2lwLXJlbGVhc2UiLCJpbnRlcm5hbCJdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-06 15:26:48 +01:00
renovate[bot]
95bc471164
Update maturin to v1.12.6 ( #18342 )
...
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [maturin](https://redirect.github.com/PyO3/maturin ) | patch |
`v1.12.4` → `v1.12.6` |
---
### Release Notes
<details>
<summary>PyO3/maturin (maturin)</summary>
###
[`v1.12.6`](https://redirect.github.com/PyO3/maturin/releases/tag/v1.12.6 )
[Compare
Source](https://redirect.github.com/PyO3/maturin/compare/v1.12.5...v1.12.6 )
##### What's Changed
- Sync legacy\_py.rs with upstream PyPI warehouse legacy.py
([#​3053](https://redirect.github.com/PyO3/maturin/pull/3053 ))
- Keep cargo build artifact at original path after staging
([#​3054](https://redirect.github.com/PyO3/maturin/pull/3054 ))
**Full Changelog**:
<https://github.com/PyO3/maturin/compare/v1.12.5...v1.12.6 >
###
[`v1.12.5`](https://redirect.github.com/PyO3/maturin/releases/tag/v1.12.5 )
[Compare
Source](https://redirect.github.com/PyO3/maturin/compare/v1.12.4...v1.12.5 )
##### What's Changed
- feat: include debug info files (.pdb, .dSYM, .dwp) in wheels by
[@​messense](https://redirect.github.com/messense ) in
[#​3024](https://redirect.github.com/PyO3/maturin/pull/3024 )
- Fix wrong abi3 tag for conditional cargo features enabled pyo3 abi3
feature by [@​messense](https://redirect.github.com/messense ) in
[#​3029](https://redirect.github.com/PyO3/maturin/pull/3029 )
- fix: `maturin build --sdist` wheel name/layout for excluded workspace
crates by [@​messense](https://redirect.github.com/messense ) in
[#​3031](https://redirect.github.com/PyO3/maturin/pull/3031 )
- fix: preserve wheel output dir when building from unpacked sdist by
[@​messense](https://redirect.github.com/messense ) in
[#​3036](https://redirect.github.com/PyO3/maturin/pull/3036 )
- feat: add python-implementation condition to conditional features by
[@​messense](https://redirect.github.com/messense ) in
[#​3038](https://redirect.github.com/PyO3/maturin/pull/3038 )
- Update zip to 8.1 by
[@​musicinmybrain](https://redirect.github.com/musicinmybrain ) in
[#​3039](https://redirect.github.com/PyO3/maturin/pull/3039 )
- Use the latest version of github actions by
[@​Armavica](https://redirect.github.com/Armavica ) in
[#​3040](https://redirect.github.com/PyO3/maturin/pull/3040 )
- Use renovate and pinned hashes for GitHub Actions by
[@​konstin](https://redirect.github.com/konstin ) in
[#​3043](https://redirect.github.com/PyO3/maturin/pull/3043 )
- chore(deps): update taiki-e/install-action digest to
[`7410117`](https://redirect.github.com/PyO3/maturin/commit/7410117 ) by
[@​renovate](https://redirect.github.com/renovate )\[bot] in
[#​3046](https://redirect.github.com/PyO3/maturin/pull/3046 )
- Fix non-existent comment tag by
[@​konstin](https://redirect.github.com/konstin ) in
[#​3044](https://redirect.github.com/PyO3/maturin/pull/3044 )
- chore(deps): update dtolnay/rust-toolchain digest to
[`efa25f7`](https://redirect.github.com/PyO3/maturin/commit/efa25f7 ) by
[@​renovate](https://redirect.github.com/renovate )\[bot] in
[#​3045](https://redirect.github.com/PyO3/maturin/pull/3045 )
- chore(deps): update actions/attest-build-provenance action to v4 by
[@​renovate](https://redirect.github.com/renovate )\[bot] in
[#​3047](https://redirect.github.com/PyO3/maturin/pull/3047 )
- Use mmap for faster warn\_missing\_py\_init by
[@​orlp](https://redirect.github.com/orlp ) in
[#​2950](https://redirect.github.com/PyO3/maturin/pull/2950 ), to
be safe we now move the cargo built artifact to `target/maturin` so this
may cause breakage if you rely on it in standard cargo `target/`
location
##### New Contributors
- [@​Armavica](https://redirect.github.com/Armavica ) made their
first contribution in
[#​3040](https://redirect.github.com/PyO3/maturin/pull/3040 )
- [@​renovate](https://redirect.github.com/renovate )\[bot] made
their first contribution in
[#​3046](https://redirect.github.com/PyO3/maturin/pull/3046 )
- [@​orlp](https://redirect.github.com/orlp ) made their first
contribution in
[#​2950](https://redirect.github.com/PyO3/maturin/pull/2950 )
**Full Changelog**:
<https://github.com/PyO3/maturin/compare/v1.12.4...v1.12.5 >
</details>
---
### Configuration
📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM, only on
Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule
defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/astral-sh/uv ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41Ni4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiYnVpbGQ6c2tpcC1kb2NrZXIiLCJidWlsZDpza2lwLXJlbGVhc2UiLCJpbnRlcm5hbCJdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-06 15:26:02 +01:00
Alessandro Molina
6036575324
Handle the hard link limit gracefully instead of failing ( #17699 )
...
## Summary
Handle the case where too many hardlinks were created and thus
installing packages fails.
There are cases where the file system can have a hardlinks limit and
when it's hit `uv` fails,
for example AWS EFS that has a limit of 177 hard links (
https://docs.aws.amazon.com/efs/latest/ug/troubleshooting-efs-fileop-errors.html#hardlinkerror
)
This PR address this by resetting the hardlinks when the limit is
reached (it does this by replacing the file in the cache, so new
hardlinks can be made)
There can be race conditions over the limit, but those are ok, as the
links are reset atomically so in case of race conditions the worst case
will be that the limit is reset twice, but nothing will break.
## Test Plan
Add a `install_hardlink_after_emlink` function, it successfully
reproduced the issue on my system.
The issue is that it's expensive to run as it has to generate a lot of
hardlinks
---------
Co-authored-by: Tomasz Kramkowski <tom@astral.sh >
2026-03-05 23:43:34 +00:00
Zanie Blue
4eed07269b
Use --no-project in graalpy integration test ( #18314 )
2026-03-05 13:01:37 +00:00
Zanie Blue
02e92aed3b
Fix debian system test which was building uv by accident ( #18294 )
2026-03-04 16:38:06 -06:00
Zanie Blue
4ff4720da5
Use uv to manage our Python documentation dependencies ( #18263 )
...
I want to lock our Zig build dependencies and this is an incremental
step towards doing so via uv
2026-03-04 09:52:15 -06:00
Zanie Blue
b9abe15562
Add SBOM attestations to Docker images ( #18252 )
...
Adds SBOM attestations
https://docs.docker.com/build/metadata/attestations/sbom/
Requires https://github.com/rust-secure-code/cargo-auditable/pull/236
for our uv binaries and their dependencies to be included in the SBOM
You can inspect the SBOM with, e.g.:
```
docker buildx imagetools inspect ghcr.io/astral-sh/uv-dev:sha-ece6427 --format '{{json .SBOM}}' | jq
docker buildx imagetools inspect ghcr.io/astral-sh/uv-dev:sha-ece6427-python3.9-trixie --format '{{json .SBOM}}' | jq
```
Also explicitly sets
https://docs.docker.com/build/metadata/attestations/slsa-provenance/#max
but there appears to be no change as all of the max SLSA data is already
present.
2026-03-03 12:14:06 -06:00
Zanie Blue
74fe4a0431
Vendor mold installation and add more retries ( #18271 )
2026-03-03 11:59:58 -06:00
Zanie Blue
18391e295f
Fix Docker build tests when push is disabled ( #18265 )
2026-03-03 10:12:59 -06:00
Zanie Blue
33ae43d341
Add Docker images based on Docker Hardened Images ( #18247 )
2026-03-03 08:45:19 -06:00
Zanie Blue
e0f99d1985
Allow pushing Docker images in pull requests for testing ( #18253 )
...
I need to test features that require push to a registry, e.g., #18252 ,
and want to do so without releasing. This adds publish to a `uv-dev`
namespace and uses the sha instead of the version. It requires the
`release-test` environment, which is allowed from non-main but requires
approval from me to run. It is trigged by the `build:push-docker` label.
See https://github.com/astral-sh/uv/pkgs/container/uv-dev
2026-03-03 07:40:23 -06:00
Zanie Blue
10e84d18ff
Ensure the astral-test-pypa-gh-action test case fails on script bugs ( #18175 )
...
Per https://github.com/astral-sh/uv/pull/18174 this should fail but it
depends on hitting the simple API in the middle of a release being
uploaded.
2026-03-02 08:41:46 -06:00
renovate[bot]
f1caf44bcc
Update crate-ci/typos action to v1.43.5 ( #18234 )
2026-03-01 20:59:27 -05:00
renovate[bot]
29e4faf9eb
Update maturin to v1.12.4 ( #18236 )
2026-03-01 20:54:48 -05:00
renovate[bot]
6aed9d626f
Update dependency astral-sh/uv to v0.10.7 ( #18235 )
2026-03-01 20:54:21 -05:00
renovate[bot]
cd0589a7bd
Update astral-sh/setup-uv action to v7.3.1 ( #18233 )
2026-03-01 20:54:15 -05:00
Zsolt Dollenstein
474eb05634
Build and test Windows aarch64 binaries natively ( #18213 )
...
Previously, aarch64 Windows binaries were cross-compiled on x86_64 hosts
in both build-release-binaries.yml and build-dev-binaries.yml, with the
wheel test steps explicitly skipped for aarch64 targets.
> [!NOTE]
> We need to ensure that the `github-windows-11-aarch64-8` runner exists
in the astral-sh org before this job can run.
Release binaries are now built on `github-windows-11-aarch64-8`, and
tests are enabled.
Dev binaries are now built on `windows-11-arm`, which is a standard
4-core ARM runner, with the timeout reduced from 25 to 10 minutes.
2026-02-27 17:12:13 -06:00
Zsolt Dollenstein
c0e7c21980
Upload extra release artifacts to mirror ( #18219 )
...
@Gankra pointed out that the installer scripts and sha256 checksums are
helpful to also preserve on the mirror.
This is a followup to #18159 .
2026-02-27 20:16:31 +00:00
Zsolt Dollenstein
f84b02b870
installers: Download uv releases from a mirror ( #18191 )
...
Co-authored-by: Aria Desires <aria.desires@gmail.com >
2026-02-27 11:58:00 -05:00