Update deps and move to uv (vercel) #104
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the You can disable this status message by setting the 📝 WalkthroughWalkthroughThis PR transitions the project from Poetry to setuptools-based package management, updates Python from 3.10 to 3.12, adopts uv for dependency installation in CI workflows, and broadens branch targets to include staging alongside main. Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Poem
Pre-merge checks and finishing touches✅ Passed checks (3 passed)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| - name: Set up Python 3.10 | ||
| uses: actions/setup-python@v3 | ||
| - name: Install uv | ||
| uses: astral-sh/setup-uv@v4 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
|
@coderabbitai review |
✅ Actions performedReview triggered.
|
There was a problem hiding this comment.
Pull request overview
This PR migrates the project's dependency management from Poetry to standard Python packaging tools (pyproject.toml with setuptools) and updates the CI/CD workflow accordingly. The changes also include minor code cleanup and Python version updates.
- Converted from Poetry-based dependency management to PEP 621 standard
pyproject.tomlformat - Updated Python version requirement from 3.10 to 3.12 and added support for 3.13
- Migrated CI/CD workflow to use
uvpackage installer and updated GitHub Actions versions
Reviewed changes
Copilot reviewed 3 out of 7 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| pyproject.toml | Converted from Poetry format to PEP 621 standard format with updated dependencies and Python version constraints |
| api/llm.py | Removed redundant global declaration for ontology variable |
| .github/workflows/python-app.yml | Updated workflow to use uv installer, Python 3.12, staging branch, and newer action versions |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| readme = "README.md" | ||
| requires-python = ">=3.12,<3.14" | ||
| dependencies = [ | ||
| "graphrag-sdk>=0.8.1,<0.9.0", |
There was a problem hiding this comment.
The graphrag-sdk dependency no longer includes the 'litellm' extra that was specified in the original Poetry configuration. If the LiteModel functionality in api/llm.py depends on litellm extras, this may cause runtime issues. Verify whether the litellm extra is still needed and update the dependency accordingly.
| "graphrag-sdk>=0.8.1,<0.9.0", | |
| "graphrag-sdk>=0.8.1,<0.9.0", | |
| "litellm>=1.0.0,<2.0.0", |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI Agents
In @pyproject.toml:
- Around line 29-30: The pyproject.toml currently sets packages = [] which
prevents discovery/install of the api and tests packages; update the
[tool.setuptools] configuration so setuptools can find and install packages by
either removing the empty packages entry and adding a
[tool.setuptools.packages.find] section with where = ["."], or replace packages
= [] with an explicit list of package names (e.g., "api", "api.analyzers",
"api.code_coverage", "api.code_coverage.lcov", "api.entities", "api.git_utils",
"tests", "tests.endpoints") so imports like api.* succeed.
🧹 Nitpick comments (1)
pyproject.toml (1)
18-18: Git branch dependency may cause reproducibility issues.The
multilspydependency references a git branch (@python-init-params), which could lead to non-reproducible builds if the branch is updated, force-pushed, or deleted. Consider pinning to a specific commit hash for stability, or document why tracking the branch is intentional.🔎 Example fix: Pin to a commit hash
- "multilspy @ git+https://github.com/AviAvni/multilspy.git@python-init-params", + "multilspy @ git+https://github.com/AviAvni/multilspy.git@<commit-sha>",
📜 Review details
Configuration used: defaults
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (2)
poetry.lockis excluded by!**/*.lockuv.lockis excluded by!**/*.lock
📒 Files selected for processing (5)
.github/dependabot.yml.github/workflows/python-app.ymlapi/llm.pypyproject.tomlrequirements.txt
💤 Files with no reviewable changes (2)
- api/llm.py
- requirements.txt
🧰 Additional context used
🪛 GitHub Check: CodeQL
.github/workflows/python-app.yml
[warning] 23-23: Unpinned tag for a non-immutable Action in workflow
Unpinned 3rd party Action 'Python application' step Uses Step uses 'astral-sh/setup-uv' with ref 'v4', not a pinned commit hash
🔇 Additional comments (4)
.github/dependabot.yml (1)
7-7: LGTM!The target branch update to
stagingaligns with the broader CI changes in this PR..github/workflows/python-app.yml (2)
8-10: LGTM!Branch targets now include both
mainandstaging, consistent with the Dependabot configuration update.
24-31: LGTM!The Python 3.12 setup aligns with
pyproject.toml'srequires-pythonconstraint. Usinguv pip install --systemwith editable install (-e .) is a clean approach that leverages the project's dependencies frompyproject.toml.pyproject.toml (1)
1-7: LGTM!The migration to PEP 621 project metadata format is clean. The Python version constraint (
>=3.12,<3.14) is well-defined and aligns with the CI workflow configuration.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 4 out of 8 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| readme = "README.md" | ||
| requires-python = ">=3.12,<3.14" | ||
| dependencies = [ | ||
| "graphrag-sdk>=0.8.1,<0.9.0", |
There was a problem hiding this comment.
The graphrag-sdk version has been significantly updated from ^0.5.0 to >=0.8.1,<0.9.0, and the 'litellm' extra was removed. This is a notable version jump that could introduce breaking changes or behavioral differences.
| "graphrag-sdk>=0.8.1,<0.9.0", | |
| "graphrag-sdk[litellm]>=0.5.0,<0.6.0", |
Summary by CodeRabbit
Switch to uv from pip for Vercel support
✏️ Tip: You can customize this high-level summary in your review settings.