Issue:35 Switch project to use uv #40

Open
kantselovich wants to merge 5 commits into master from uv_switch_35

@kantselovich

Migrate project tooling from Poetry to uv

Fixes #35

Purpose

Switch the project from Poetry to uv to speed up local environment setup and CI, and to reduce Poetry-specific packaging and workflow configuration.

Scope

  • migrate pyproject.toml toward standard project metadata and dependency groups
  • replace Poetry commands in CI, Docker, and contributor docs with uv equivalents
  • preserve current extras, editable installs, test workflows, and release/build behavior

Acceptance Criteria

  • local setup is documented with uv
  • CI installs and test jobs run with uv
  • Docker no longer depends on Poetry
  • the project still supports the current dependency extras and CLI entrypoint

@gemini-code-assist

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request undertakes a significant migration of the project's Python dependency management system from Poetry to uv. The primary goal is to enhance development efficiency by speeding up local environment setup and continuous integration processes, while also standardizing the project's pyproject.toml configuration. This change aims to streamline workflows and reduce reliance on Poetry-specific tooling, ensuring a more modern and performant dependency management approach.

Highlights

  • Migration to uv: The project's Python dependency management has been migrated from Poetry to uv.
  • Standardized pyproject.toml: The pyproject.toml file has been updated to use standard project metadata and dependency groups, aligning with PEP 621.
  • Updated Tooling Commands: All Poetry-specific commands have been replaced with uv equivalents across documentation, Docker configurations, and development scripts.
  • Performance Improvement: Local environment setup and CI performance are expected to improve significantly due to uv's speed.

Ignored Files
  • Ignored by pattern: .github/workflows/** (2)
    • .github/workflows/ci.yml
    • .github/workflows/ci_full.yml

@orca-security-us orca-security-us bot left a comment

Orca Security Scan Summary

| Status | Check | High | Medium | Low | Info |
|---|---|---|---|---|---|
| Passed | Infrastructure as Code | 0 | 0 | 1 | 0 |
| Passed | SAST | 0 | 0 | 0 | 0 |
| Passed | Secrets | 0 | 0 | 0 | 0 |
| Warning | Vulnerabilities | 7 | 3 | 0 | 0 |

🛡️ The following IaC misconfigurations have been detected

| Severity | Name | File |
|---|---|---|
| low | Pip Install Without Pinned Package Version | Dockerfile |

☢️ The following Vulnerabilities (CVEs) have been detected

| Severity | Package | File | CVE ID | Installed version | Fixed version |
|---|---|---|---|---|---|
| critical | deepdiff | ./uv.lock | CVE-2025-58367 | 7.0.1 | 8.6.1 |
| high | deepdiff | ./uv.lock | CVE-2026-33155 | 7.0.1 | 8.6.2 |
| high | mysql-connector-python | ./uv.lock | CVE-2024-21272 | 8.0.29 | 9.1.0 |
| high | orjson | ./uv.lock | CVE-2025-67221 | 3.11.5 | 3.11.6 |
| high | protobuf | ./uv.lock | CVE-2026-0994 | 4.25.8 | 6.33.5, 5.29.6 |
| high | pyjwt | ./uv.lock | CVE-2026-32597 | 2.9.0 | 2.12.0 |
| high | pyopenssl | ./uv.lock | CVE-2026-27459 | 25.3.0 | 26.0.0 |
| high | urllib3 | ./uv.lock | CVE-2025-66418 | 1.26.20 | 2.6.0 |
| high | urllib3 | ./uv.lock | CVE-2025-66471 | 1.26.20 | 2.6.0 |
| high | urllib3 | ./uv.lock | CVE-2026-21441 | 1.26.20 | 2.6.3 |

Note: The scan should have failed if no policies were configured in warn-only mode.

@kantselovich added the enhancement (New feature or request) label Mar 21, 2026

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request successfully migrates the project's tooling from Poetry to uv, which should improve performance for local setup and CI. The changes cover updates to pyproject.toml, CI/Docker configurations, and developer documentation. The migration to the standard [project] table in pyproject.toml is well-executed. I've found one critical issue regarding the definition of dependency groups which will prevent development dependencies from being installed correctly. My review includes a suggestion to align it with uv's recommended practice.

Comment on lines +40 to +83
[project.optional-dependencies]
preql = ["preql>=0.2.19"]
mysql = ["mysql-connector-python>=8.0.29"]
postgresql = ["psycopg2"]
redshift = ["psycopg2"]
snowflake = ["snowflake-connector-python", "cryptography"]
snowflake = ["snowflake-connector-python>=3.0.2,<4.0.0", "cryptography"]
presto = ["presto-python-client"]
oracle = ["oracledb"]
mssql = ["pyodbc"]
# databricks = ["databricks-sql-connector"]
trino = ["trino"]
mssql = ["pyodbc>=4.0.39"]
trino = ["trino>=0.314.0"]
clickhouse = ["clickhouse-driver"]
vertica = ["vertica-python"]
duckdb = ["duckdb"]
all-dbs = [
"preql", "mysql-connector-python", "psycopg2", "snowflake-connector-python", "cryptography", "presto-python-client",
"oracledb", "pyodbc", "trino", "clickhouse-driver", "vertica-python", "duckdb"
"preql>=0.2.19",
"mysql-connector-python>=8.0.29",
"psycopg2",
"snowflake-connector-python>=3.0.2,<4.0.0",
"cryptography",
"presto-python-client",
"oracledb",
"pyodbc>=4.0.39",
"trino>=0.314.0",
"clickhouse-driver",
"vertica-python",
"duckdb",
]

[tool.poetry.group.dev.dependencies]
pre-commit = ">=3.5.0"
[project.scripts]
data-diff = "data_diff.__main__:main"

[project.urls]
Repository = "https://github.com/GannettDigital/data-diff"

[dependency-groups]
dev = [
"parameterized",
"unittest-parallel",
"ruff>=0.1.4",
"pre-commit>=3.5.0",
]
ci = [
"google-cloud-bigquery<3.0.0",
]
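
Review bot: The mysql extra and the all-dbs list both keep the floor mysql-connector-python>=8.0.29, and the scan on this pull request reports exactly 8.0.29 in ./uv.lock with CVE-2024-21272 fixed in 9.1.0. Raise the floor in both places to the fixed version and re-lock, or note next to the entry why the old floor has to stay. In the same table psycopg2, cryptography, presto-python-client, oracledb, clickhouse-driver, vertica-python and duckdb carry no version bound at all, so the lock file is the only thing constraining them. all-dbs also repeats each specifier from the individual extras by hand, so a bound changed in one place can drift from the other.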

critical

The [dependency-groups] table is not a standard part of pyproject.toml (PEP 621) and is not recognized by uv. To define development or CI dependencies that can be installed with uv sync --extra <group>, they should be moved into [project.optional-dependencies]. This will ensure that commands like uv sync --all-extras correctly install all necessary dependencies for development and CI environments as described in CONTRIBUTING.md.

[project.optional-dependencies]
preql = ["preql>=0.2.19"]
mysql = ["mysql-connector-python>=8.0.29"]
postgresql = ["psycopg2"]
redshift = ["psycopg2"]
snowflake = ["snowflake-connector-python>=3.0.2,<4.0.0", "cryptography"]
presto = ["presto-python-client"]
oracle = ["oracledb"]
mssql = ["pyodbc>=4.0.39"]
trino = ["trino>=0.314.0"]
clickhouse = ["clickhouse-driver"]
vertica = ["vertica-python"]
duckdb = ["duckdb"]
all-dbs = [
  "preql>=0.2.19",
  "mysql-connector-python>=8.0.29",
  "psycopg2",
  "snowflake-connector-python>=3.0.2,<4.0.0",
  "cryptography",
  "presto-python-client",
  "oracledb",
  "pyodbc>=4.0.39",
  "trino>=0.314.0",
  "clickhouse-driver",
  "vertica-python",
  "duckdb",
]
dev = [
  "parameterized",
  "unittest-parallel",
  "ruff>=0.1.4",
  "pre-commit>=3.5.0",
]
ci = [
  "google-cloud-bigquery<3.0.0",
]

[project.scripts]
data-diff = "data_diff.__main__:main"

[project.urls]
Repository = "https://github.com/GannettDigital/data-diff"

@orca-security-us orca-security-us bot left a comment

Orca Security Scan Summary

| Status | Check | High | Medium | Low | Info |
|---|---|---|---|---|---|
| Passed | Infrastructure as Code | 0 | 0 | 1 | 0 |
| Passed | SAST | 0 | 0 | 0 | 0 |
| Passed | Secrets | 0 | 0 | 0 | 0 |
| Warning | Vulnerabilities | 5 | 1 | 0 | 0 |

🛡️ The following IaC misconfigurations have been detected

| Severity | Name | File |
|---|---|---|
| low | Pip Install Without Pinned Package Version | Dockerfile |

☢️ The following Vulnerabilities (CVEs) have been detected

| Severity | Package | File | CVE ID | Installed version | Fixed version |
|---|---|---|---|---|---|
| high | mysql-connector-python | ./uv.lock | CVE-2024-21272 | 8.0.29 | 9.1.0 |
| high | orjson | ./uv.lock | CVE-2025-67221 | 3.11.5 | 3.11.6 |
| high | pyopenssl | ./uv.lock | CVE-2026-27459 | 25.3.0 | 26.0.0 |
| high | urllib3 | ./uv.lock | CVE-2025-66418 | 1.26.20 | 2.6.0 |
| high | urllib3 | ./uv.lock | CVE-2025-66471 | 1.26.20 | 2.6.0 |
| high | urllib3 | ./uv.lock | CVE-2026-21441 | 1.26.20 | 2.6.3 |

Note: The scan should have failed if no policies were configured in warn-only mode.
