ci(release-please): bump uv.lock version via extra-files jsonpath #1518

Merged
omercnet merged 1 commit into main from fix/release-please-uv-lock-jsonpath
May 5, 2026
@omercnet omercnet commented May 5, 2026

Summary

Replaces #1515 with a much simpler fix: just one extra entry in release-please-config.json instead of an entire follow-up workflow job + GitHub App token + push-back-to-PR-branch dance.

Background

release-please bumps version in pyproject.toml but doesn't update uv.lock. The project's own version lives in uv.lock too:

[[package]]
name = "descope"
version = "1.13.0"

So `uv sync --locked` fails on every CI job for the release PR (#1446) with `The lockfile at uv.lock needs to be updated.`

Fix

Per googleapis/release-please#2561 and the working incantation documented in #2455 (comment), release-please's TOML updater can target array-of-tables entries via a jsonpath filter — with one quirk:

  • the filter side needs .value because release-please's TOML parser wraps strings as {value, start, end} objects
  • the update target does not use .value because the updater writes to the field directly

Resulting jsonpath:

$.package[?(@.name.value=='descope')].version

Why this approach over #1515

| | #1515 (workflow job) | This PR (config) |
|---|---|---|
| Files changed | .github/workflows/release-please.yml (+55 lines) | release-please-config.json (+5 lines) |
| Mechanism | Run uv lock after release-please, push commit back | Native release-please feature |
| Auth required | GitHub App token w/ contents: write | None |
| Race conditions | Possible if release-please regenerates between steps | None — atomic |
| Maintenance | Custom code, may drift | Standard release-please config |

Closing #1515 in favor of this.

Verification

  • Config JSON parses cleanly.
  • jsonpath structure verified to target the correct [[package]] entry (descope's, at lines 523-526 of uv.lock).
  • The pattern is the documented working solution; will produce the bumped uv.lock on the next release-please run after merge.

release-please bumps `pyproject.toml` but doesn't touch `uv.lock`
by default, leaving the project's `[[package]] name = "descope"`
entry stale and breaking `uv sync --locked` on every CI job for
the release PR (e.g. #1446).

Per googleapis/release-please#2561 (and the working incantation in
googleapis/release-please#2455 (comment 2643132770)), release-please
*can* update array-of-tables TOML entries via an extra-files jsonpath
filter — with the catch that the filter side needs `.value` (because
the parser wraps strings as `{value, start, end}`) but the update
target does not. The pattern is:

    $.package[?(@.name.value=='descope')].version

Add it to release-please-config.json so the lockfile's project
version is bumped in lockstep with pyproject.toml. No workflow
changes needed.
Copilot AI review requested due to automatic review settings May 5, 2026 19:32
shuni-bot-dev Bot commented May 5, 2026

🐕 Review complete — View session on Shuni Portal 🐾

@shuni-bot-dev shuni-bot-dev Bot left a comment

🐕 Shuni's Review

Adds a release-please extra-files jsonpath entry so uv.lock's descope package version gets bumped alongside pyproject.toml.

No issues found — good bones!

Verified: JSON parses, exactly one name = "descope" entry exists in uv.lock (line 525), the .value filter quirk matches the documented release-please TOML parser behavior, and the version matches pyproject.toml. Clean, minimal config change. Woof!

Copilot AI left a comment

Pull request overview

Updates the Release Please configuration so that version bumps applied to pyproject.toml are also applied to the project’s own [[package]] entry inside uv.lock, preventing uv sync --locked failures on release PRs.

Changes:

  • Add a second extra-files TOML updater entry to update uv.lock’s [[package]] name = "descope" version via a JSONPath filter.

github-actions Bot commented May 5, 2026

Coverage report

The coverage rate went from 98.37% to 98.37% ➡️

None of the new lines are part of the tested code. Therefore, there is no coverage data about them.

@omercnet omercnet merged commit 33a7277 into main May 5, 2026
37 checks passed
@omercnet omercnet deleted the fix/release-please-uv-lock-jsonpath branch May 5, 2026 19:37