
feat(cli): add lockfile support to pywrangler sync command#108

Merged
ryanking13 merged 9 commits into
mainfrom
gyeongjae/lockfile-respect
Jun 15, 2026

Conversation

@ryanking13

Contributor

pywrangler sync will now generate a pylock.toml file that locks the installed packages. Rerunning pywrangler sync will now keep the existing installed versions and will not upgrade packages silently.

Also added --upgrade flag to pywrangler sync which upgrades the packages in the lockfile.

@ryanking13 ryanking13 requested review from dom96, hoodmane and joesepi May 21, 2026 11:46

@ask-bonk ask-bonk Bot left a comment


I'm Bonk, and I've done a quick review of your PR.

This PR adds lockfile support (pylock.toml) to pywrangler sync, using uv pip compile to pin dependency versions and a new --upgrade flag to refresh them. Overall the approach is sound. A couple of issues below.

  1. _read_lockfile_requirements will crash with an opaque KeyError on malformed lockfile entries (medium severity)
  2. Private function _get_lockfile_path is imported across module boundaries (low severity)

@ask-bonk

ask-bonk Bot commented May 21, 2026


Review posted on PR #108. Two issues flagged:

  1. Medium severity: _read_lockfile_requirements at packages/cli/src/pywrangler/resolve.py:109 will crash with a bare KeyError if a [[packages]] entry in pylock.toml is missing name or version. Posted a suggestion to validate entries and skip malformed ones with a warning.

  2. Low severity: _get_lockfile_path is a private function (underscore-prefixed) being imported across module boundaries (sync.py imports it from resolve.py). Suggested renaming to get_lockfile_path to signal it's part of the public API.

github run

`pywrangler sync` command now generates a `pylock.toml` file
that locks the installed packages. Rerunning `pywrangler sync`
now keeps the existing installed versions and will not upgrade
packages silently.

Also added `--upgrade` flag to `pywrangler sync` which upgrades
the packages in the lockfile.
@ryanking13 ryanking13 merged commit 4844aea into main Jun 15, 2026
12 checks passed
@ryanking13 ryanking13 deleted the gyeongjae/lockfile-respect branch June 15, 2026 08:07