Skip to content

supress the .lock file#194

Closed
renecotyfanboy wants to merge 3 commits intomasterfrom
suppress-lock-file
Closed

supress the .lock file#194
renecotyfanboy wants to merge 3 commits intomasterfrom
suppress-lock-file

Conversation

@renecotyfanboy
Copy link
Copy Markdown
Collaborator

@renecotyfanboy renecotyfanboy commented Mar 30, 2026

Hi, I saw a bunch of Dependabot-triggered pull requests, and they are mostly linked to the .lock file. I am pretty sure this file is not needed in the ChainConsumer codebase as uv should be able to build a working environment in the CI on its own.
WDYT @Samreay ?

@renecotyfanboy renecotyfanboy requested a review from Samreay March 30, 2026 10:22
Samreay
Samreay reviewed Mar 30, 2026
View reviewed changes
.github/workflows/deploy.yml
python-version: ${{ matrix.python-version }}

- name: Install the project
run: uv sync --locked --all-extras --dev
Copy link
Copy Markdown
Owner

@Samreay Samreay Mar 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why remove the lock? If we want less noisy emails about dependency versions which dont matter (agreed) the dependabot is a github configured bot that I can (and have) turned off in the settings. It'd be good to keep the lock file as a record of a fully-resolving environment that worked, especially for any future development experience and replicating dev envs.

Copy link
Copy Markdown
Collaborator Author

@renecotyfanboy renecotyfanboy Mar 30, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It'd be good to keep the lock file as a record of a fully-resolving environment that worked

This seems to be a good argument. Let's keep it that way

@renecotyfanboy
Copy link
Copy Markdown
Collaborator Author

renecotyfanboy commented Mar 30, 2026

Just for the record, arviz is undergoing a major refactor with 1.0.0, I proof-tested ChainConsumer against it and it seemed to work from the user side. I was able to catch a bug that will occur in the test CI when Arviz bumps to 1.0 in the dev / CI environment, but this is an easy fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Samreay Samreay Samreay left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@renecotyfanboy @Samreay