Merged
Changes from 1 commit
24 changes: 16 additions & 8 deletions .github/workflows/documentation.yml
@@ -25,36 +25,44 @@ env:
jobs:
build:
runs-on: ubuntu-latest
env:
PYTHONUNBUFFERED: 1
UV_PYTHON: "3.9"
UV_LOCKED: 1
steps:
- uses: actions/checkout@v6
with:
fetch-depth: 0
lfs: true

- name: Setup Github Pages
uses: actions/configure-pages@v5

- name: Install Python
uses: actions/setup-python@v5
with:
python-version: "3.9"
cache: "pipenv"
- name: Install pipenv
run: pip install pipenv
- name: Install dependencies
run: |
pipenv install --dev --python=3.9 --deploy

- name: Install uv
uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
with:
version: "0.11.16"

- name: Build docs
run: |
pipenv run sphinx-apidoc -f -o docs meilisearch/
pipenv run sphinx-build docs ./docs/_build/html/
uv run --only-group docs sphinx-apidoc -f -o docs meilisearch/
uv run --only-group docs sphinx-build docs ./docs/_build/html/
# CNAME file is required for GitHub pages custom domain
- name: Create CNAME file
run: |
echo "$CUSTOM_DOMAIN" > ./docs/_build/html/CNAME
echo "Created CNAME in ./docs/_build/html/: $CUSTOM_DOMAIN"

- name: Upload artifacts
uses: actions/upload-pages-artifact@v3
with:
path: "./docs/_build/html"

deploy:
needs: build
environment:
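Review bot: Action pinning is now inconsistent within this job: the new `astral-sh/setup-uv` step is pinned to a full commit SHA with a version comment, while `actions/checkout@v6` and `actions/configure-pages@v5` still float on mutable tags. Apply the same SHA-plus-comment pinning to the other `uses:` lines so one supply-chain policy covers the whole workflow. The two `uv run --only-group docs ...` commands also assume a `docs` dependency group exists in `pyproject.toml` and is captured in `uv.lock` (required by `UV_LOCKED: 1`); that file is not in this diff, so confirm the group is defined or the build step will fail at resolution time.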
20 changes: 14 additions & 6 deletions .github/workflows/pre-release-tests.yml
@@ -16,20 +16,28 @@ jobs:
python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
name: integration-tests-against-rc
runs-on: ubuntu-latest
env:
PYTHONUNBUFFERED: 1
UV_PYTHON: ${{ matrix.python-version }}
UV_LOCKED: 1
steps:
- uses: actions/checkout@v6

- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
cache: "pipenv"
- name: Install pipenv
run: pip install pipenv
- name: Install dependencies
run: pipenv install --dev --python=${{ matrix.python-version }} --deploy

- name: Install uv
uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
with:
version: "0.11.16"

- name: Get the latest Meilisearch RC
run: echo "MEILISEARCH_VERSION=$(curl https://raw.githubusercontent.com/meilisearch/integration-guides/main/scripts/get-latest-meilisearch-rc.sh | bash)" >> $GITHUB_ENV

- name: Meilisearch (${{ env.MEILISEARCH_VERSION }}) setup with Docker
run: docker run -d -p 7700:7700 getmeili/meilisearch-enterprise:${{ env.MEILISEARCH_VERSION }} meilisearch --master-key=masterKey --no-analytics

- name: Test with pytest
run: pipenv run pytest
run: uv run pytest
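Review bot: The "Get the latest Meilisearch RC" step is unchanged here, but since this PR is already tightening how tooling is fetched (SHA-pinned `setup-uv`, `UV_LOCKED: 1`), it is worth noting that `curl https://raw.githubusercontent.com/meilisearch/integration-guides/main/scripts/get-latest-meilisearch-rc.sh | bash` executes whatever is on the `main` branch of another repository at run time, unpinned and unverified. Fetching the script from a specific commit ref, or vendoring it under `.github/scripts/`, would close that gap. On the changed lines themselves, `UV_PYTHON: ${{ matrix.python-version }}` means uv will download a managed interpreter for each matrix entry now that `actions/setup-python` is gone, which is fine but worth a comment so nobody re-adds setup-python thinking it is missing.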
23 changes: 14 additions & 9 deletions .github/workflows/pypi-publish.yml
@@ -8,25 +8,30 @@ on:
jobs:
deploy:
runs-on: ubuntu-latest
env:
PYTHONUNBUFFERED: 1
UV_PYTHON: "3.9"
UV_LOCKED: 1
steps:
- uses: actions/checkout@v6

- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.9"
cache: "pipenv"

- name: Check release validity
run: sh .github/scripts/check-release.sh
- name: Install pipenv
run: pip install pipenv
- name: Install dependencies
run: |
pipenv install
pipenv run pip3 install build setuptools wheel twine

- name: Install uv
uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
with:
version: "0.11.16"

- name: Build and publish
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: "pypi-${{ secrets.PYPI_API_TOKEN }}"
run: |
pipenv run python3 -m build
pipenv run twine upload dist/*
uv build
uv run --with=twine -- twine upload dist/*
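Review bot: `uv run --with=twine -- twine upload dist/*` resolves twine fresh from PyPI at publish time, outside `uv.lock`, so `UV_LOCKED: 1` gives no protection for the one tool that handles the publishing credential. Pin it explicitly (`--with='twine==<version>'`) or put twine in a locked dependency group and invoke it as `uv run --only-group <group> -- twine upload dist/*`, mirroring what `documentation.yml` does for sphinx. The remaining `TWINE_PASSWORD: "pypi-${{ secrets.PYPI_API_TOKEN }}"` long-lived token is the separate OIDC point raised in the thread below and tracked in #1232.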

@coderabbitai coderabbitai Bot May 24, 2026
⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

ls -la .github/workflows || true
sed -n '1,140p' .github/workflows/pypi-publish.yml | nl -ba

Repository: meilisearch/meilisearch-python

Length of output: 647


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "---- pypi-publish.yml (full) ----"
cat -n .github/workflows/pypi-publish.yml | sed -n '1,200p'

Repository: meilisearch/meilisearch-python

Length of output: 1163


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Find all usages of PyPI API token / twine password
rg -n "PYPI_API_TOKEN|TWINE_PASSWORD|TWINE_USERNAME|twine upload|trusted publishing|oidc|OIDC" .github/workflows -S || true

# Look for uv cache-related hardening/controls
rg -n "UV_CACHE|cache|setup-uv|astral-sh/setup-uv|cache-poison" .github/workflows -S || true

# Also scan any mentioned scripts
rg -n "trusted publishing|oidc|twine|TWINE_PASSWORD|PYPI_API_TOKEN" .github/scripts -S || true

Repository: meilisearch/meilisearch-python

Length of output: 1289


Switch PyPI publishing to OIDC trusted publishing (stop using PYPI_API_TOKEN for TWINE_PASSWORD).

The workflow uploads with TWINE_USERNAME: __token__ and TWINE_PASSWORD: "pypi-${{ secrets.PYPI_API_TOKEN }}", which requires a long-lived secret; using PyPI Trusted Publishing (OIDC) would avoid secret injection and reduce exposure/rotation burden.

🧰 Tools
🪛 zizmor (1.25.2)

[info] 37-37: prefer trusted publishing for authentication (use-trusted-publishing): this command

(use-trusted-publishing)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/pypi-publish.yml around lines 36 - 37, Replace the current
secret-based upload (TWINE_USERNAME: __token__, TWINE_PASSWORD: pypi-${{
secrets.PYPI_API_TOKEN }}) and the direct twine invocation in the step that runs
"uv run --with=twine -- twine upload dist/*" with an OIDC-based publish flow:
stop setting TWINE_PASSWORD from secrets.PYPI_API_TOKEN, enable id-token: write
and packages: write in the workflow permissions, and use an OIDC-capable
publisher (for example, switch to the pypa/gh-action-pypi-publish action with
use_oidc: true or request an OIDC token and feed that token to TWINE_PASSWORD)
so the twine upload step no longer depends on the long-lived
secrets.PYPI_API_TOKEN value.

Contributor Author


Switch PyPI publishing to OIDC trusted publishing (stop using PYPI_API_TOKEN for TWINE_PASSWORD).

@curquiza We should really consider switching to OIDC trusted publishing for publishing the project to PyPI in the near future, given the many supply chain and security attacks happening nowadays.

Contributor
Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!

Contributor

Created #1232

91 changes: 61 additions & 30 deletions .github/workflows/tests.yml
@@ -18,89 +18,120 @@ jobs:
python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
name: integration-tests
runs-on: ubuntu-latest
env:
PYTHONUNBUFFERED: 1
UV_PYTHON: ${{ matrix.python-version }}
UV_LOCKED: 1
steps:
- uses: actions/checkout@v6

- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
cache: "pipenv"
- name: Install pipenv
run: pip install pipenv
- name: Install dependencies
run: pipenv install --dev --python=${{ matrix.python-version }} --deploy

- name: Install uv
uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
with:
version: "0.11.16"

- name: Meilisearch (latest version) setup with Docker
run: docker run -d -p 7700:7700 getmeili/meilisearch-enterprise:latest meilisearch --no-analytics --master-key=masterKey

- name: Test with pytest
run: pipenv run pytest --cov-report=xml
run: uv run pytest --cov-report=xml

pylint:
name: pylint
runs-on: ubuntu-latest
env:
PYTHONUNBUFFERED: 1
UV_PYTHON: "3.9"
UV_LOCKED: 1
steps:
- uses: actions/checkout@v6

- name: Set up Python 3.9
uses: actions/setup-python@v5
with:
python-version: "3.9"
cache: "pipenv"
- name: Install pipenv
run: pip install pipenv
- name: Install dependencies
run: pipenv install --dev --python=3.9 --deploy

- name: Install uv
uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
with:
version: "0.11.16"

- name: Linter with pylint
run: pipenv run pylint meilisearch tests
run: uv run pylint meilisearch tests

mypy:
name: mypy
runs-on: ubuntu-latest
env:
PYTHONUNBUFFERED: 1
UV_PYTHON: "3.9"
UV_LOCKED: 1
steps:
- uses: actions/checkout@v6

- name: Set up Python 3.9
uses: actions/setup-python@v5
with:
python-version: 3.9
cache: "pipenv"
- name: Install pipenv
run: pip install pipenv
- name: Install dependencies
run: pipenv install --dev --python=3.9 --deploy

- name: Install uv
uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
with:
version: "0.11.16"

- name: mypy type check
run: pipenv run mypy meilisearch
run: uv run mypy meilisearch

black:
name: black
runs-on: ubuntu-latest
env:
PYTHONUNBUFFERED: 1
UV_PYTHON: "3.9"
UV_LOCKED: 1
steps:
- uses: actions/checkout@v6

- name: Set up Python 3.9
uses: actions/setup-python@v5
with:
python-version: 3.9
cache: "pipenv"
- name: Install pipenv
run: pip install pipenv
- name: Install dependencies
run: pipenv install --dev --python=3.9 --deploy

- name: Install uv
uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
with:
version: "0.11.16"

- name: black
run: pipenv run black meilisearch tests --check
run: uv run black meilisearch tests --check

isort:
name: isort
runs-on: ubuntu-latest
env:
PYTHONUNBUFFERED: 1
UV_PYTHON: "3.9"
UV_LOCKED: 1
steps:
- uses: actions/checkout@v6

- name: Set up Python 3.9
uses: actions/setup-python@v5
with:
python-version: 3.9
cache: "pipenv"
- name: Install pipenv
run: pip install pipenv
- name: Install dependencies
run: pipenv install --dev --python=3.9 --deploy

- name: Install uv
uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
with:
version: "0.11.16"

- name: isort
run: pipenv run isort meilisearch tests --check-only
run: uv run isort meilisearch tests --check-only

yaml-lint:
name: Yaml linting check
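Review bot: Dependency caching was dropped without a replacement: every job loses `cache: "pipenv"` along with `actions/setup-python`, and none of the new `astral-sh/setup-uv` steps enables the action's own cache. Adding `enable-cache: true` under `with:` for each `setup-uv` step restores a cache keyed on `uv.lock`, which is safe here because `UV_LOCKED: 1` guarantees the resolution cannot drift from the committed lock. The same `env:` block and `setup-uv` step are now copied verbatim into six jobs; if the action ever needs re-pinning, that is six places to update, so consider a workflow-level `env:` and a composite action for the install step. As in `documentation.yml`, `actions/checkout@v6` stays tag-pinned while `setup-uv` is SHA-pinned.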
9 changes: 1 addition & 8 deletions .gitignore
@@ -96,16 +96,9 @@ target/
profile_default/
ipython_config.py

# pyenv
# uv
.python-version

# pipenv
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
# However, in case of collaboration, if having platform-specific dependencies or dependencies
# having no cross-platform support, pipenv may install dependencies that don't work, or not
# install all needed dependencies.
#Pipfile.lock

# PEP 582; used by e.g. github.com/David-OConnor/pyflow
__pypackages__/
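Review bot: Only the comment above `.python-version` changed, so the file is still ignored. uv reads `.python-version` to pick the interpreter for local `uv sync`/`uv run`, whereas CI fixes the version through `UV_PYTHON`; with the file ignored, a contributor on a newer system Python resolves and runs against a different interpreter than the "3.9" used by the lint and type-check jobs. Committing a `.python-version` (and dropping this ignore line) is the usual way to keep local development in step with CI, but the current choice is workable as long as that difference is understood.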

16 changes: 8 additions & 8 deletions CONTRIBUTING.md
@@ -44,13 +44,13 @@ You can set up your local environment natively or using `docker`, check out the

Example of running all the checks with docker:
```bash
docker-compose run --rm package bash -c "pipenv install --dev && pipenv run mypy meilisearch && pipenv run pylint meilisearch tests && pipenv run pytest tests"
docker-compose run --rm package bash -c "uv run mypy meilisearch && uv run pylint meilisearch tests && uv run pytest tests"
```

To install dependencies:

```bash
pipenv install --dev
uv sync
```

### Tests and Linter <!-- omit in toc -->
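Review bot: The docker-compose example removes the explicit `pipenv install --dev` but adds no `uv sync`, so it now relies on the image having run `uv sync --frozen` at build time (which the Dockerfile change in this PR does). That is fine, but `uv run` will also silently re-resolve and install if the environment is out of date, which is exactly the drift a contributor running a stale image would not notice. Prefixing the command with `uv sync --frozen &&` makes the example self-contained and fails loudly if `uv.lock` and the image disagree. The separate "To install dependencies" snippet could likewise say `uv sync --frozen` so local installs match CI's `UV_LOCKED: 1`.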
@@ -62,23 +62,23 @@ Your PR also needs to be formatted using black and isort.
# Tests
curl -L https://install.meilisearch.com | sh # download Meilisearch
./meilisearch --master-key=masterKey --no-analytics # run Meilisearch
pipenv run pytest tests
uv run pytest tests
# MyPy
pipenv run mypy meilisearch
uv run mypy meilisearch
# Linter
pipenv run pylint meilisearch tests
uv run pylint meilisearch tests
# Black
pipenv run black meilisearch tests
uv run black meilisearch tests
# Isort
pipenv run isort meilisearch tests
uv run isort meilisearch tests
```

Optionally tox can be used to run test on all supported version of Python, mypy, and linting.

```bash
docker pull getmeili/meilisearch:latest # Fetch the latest version of Meilisearch image from Docker Hub
docker run -p 7700:7700 getmeili/meilisearch:latest meilisearch --master-key=masterKey --no-analytics
pipenv run tox
uv run tox
```

To check if your `yaml` files are correctly formatted, you need to [install yamllint](https://yamllint.readthedocs.io/en/stable/quickstart.html#installing-yamllint) and then run `yamllint .`
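Review bot: The tox snippet pulls `getmeili/meilisearch:latest` while the CI workflows in this PR run `getmeili/meilisearch-enterprise:latest` (and the RC image for pre-release tests), so contributors following this page test against a different server image than CI does; align the image name in the docs with `tests.yml`. Both also use the floating `latest` tag, which is acceptable for a dev guide but worth a sentence saying results may differ from a pinned CI run. Minor wording nit on the unchanged context line: "run test on all supported version of Python" should read "run tests on all supported versions of Python".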
12 changes: 7 additions & 5 deletions Dockerfile
@@ -1,10 +1,12 @@
FROM python:3.9-buster

COPY Pipfile .
COPY Pipfile.lock .
COPY pyproject.toml .
COPY uv.lock .

RUN apt-get update -y

# Install pipenv and compilation dependencies
RUN pip3 install pipenv
RUN pipenv install --dev
# Install uv
COPY --from=ghcr.io/astral-sh/uv:0.11.16 /uv /uvx /bin/

# Install dependencies
RUN uv sync --frozen
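Review bot: `COPY --from=ghcr.io/astral-sh/uv:0.11.16 /uv /uvx /bin/` pins a mutable tag, not content; the CI side of this PR pins `setup-uv` by commit SHA, so do the equivalent here with a digest, e.g. `ghcr.io/astral-sh/uv:0.11.16@sha256:<digest>` (fill in the real digest; the placeholder is mine). `RUN uv sync --frozen` runs with only `pyproject.toml` and `uv.lock` copied in: unless the project is marked non-packaged (`tool.uv.package = false`), uv will try to build and install the `meilisearch` package itself and fail for lack of sources, so either add `--no-install-project` at this layer or copy the source first. Two pre-existing issues become more visible with this rewrite: `FROM python:3.9-buster` is based on Debian buster, which is end-of-life and no longer receives security updates, and the lone `RUN apt-get update -y` installs nothing and leaves stale apt lists in the layer.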
27 changes: 0 additions & 27 deletions Pipfile

This file was deleted.
