ansys · SMoraisAnsys · Sep 6, 2025 · Sep 6, 2025 · Sep 7, 2025 · Sep 7, 2025
@@ -3,7 +3,6 @@ updates:
   - package-ecosystem: "pip"
     directories:
       - "/requirements"
-      - "/check-vulnerabilities"
     schedule:
       interval: "daily"
     cooldown:
@@ -17,6 +16,21 @@ updates:
     labels:
       - "dependencies:requirements"
 
+  - package-ecosystem: "uv"
+    schedule:
+      interval: "daily"
+    cooldown:
+      default-days: 7
+      include:
+        - "*"  # Include all dependencies in cooldown
+    exclude-paths:
+      - "**/requirements.txt"
+    commit-message:
+      prefix: "build(actions-dependencies)"
+    labels:
+          - "dependencies:requirements"
+    directory: "/"
+
   - package-ecosystem: "github-actions"
     directories:
       - ".github/workflows"

@@ -0,0 +1,91 @@
+# This workflow is necessary because dependabot's support for uv is not perfect. Relevant discussion:
+# https://github.com/dependabot/dependabot-core/issues/10478
+#
+# Also, to avoid unnecessary complications wrt requirements' installation when either uv or pip is being used in an
+# action, requirements.txt files are maintained along side uv.lock files and these requirements files
+# are also updated via this workflow.
+
+name: fix uv lock file and update requirement.txt files
+
+on:
+  push:
+    branches:
+      - "dependabot/uv/**"
+
+env:
+  MAIN_PYTHON_VERSION: '3.13'
+
+permissions: {}
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+
+  update-lockfile-and-requirement-files:
+    name: Update lock file and requirement.txt files
+    permissions:
+      contents: write # Needed to update files on the dependabot update branch
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout dependabot branch"
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          token: ${{ secrets.PYANSYS_CI_BOT_TOKEN }}
+          ref: ${{ github.ref }} # zizmor: ignore[artipacked] , credentials must be persisted in this case
+
+      - name: "Set up Python"
+        uses: ansys/actions/_setup-python@main
+        with:
+            python-version: ${{ env.MAIN_PYTHON_VERSION }}
+            use-cache: false
+            provision-uv: true
+            prune-uv-cache: false
+
+      - name: "Fix lockfile"
+        run: |
+          uv lock
+
+      - name: "Update requirement.txt files"
+        run: |
+          echo "Directories containing requirements.txt:"
+          echo "========================================"
+
+          find . -maxdepth 2 -type f -name "requirements.txt" -exec dirname {} \; | sort -u | while read dir; do
+              # Remove leading ./
+              dir_cleaned="${dir#./}"
+              # Get the directory name without leading underscore for the group name
+              group_name="${dir_cleaned#_}"
+
+              echo "  Processing: $dir_cleaned"
+
+              # Run uv export command
+              uv export --format requirements.txt --group "$group_name" --output-file "$dir_cleaned/requirements.txt" --no-hashes
+          done
+
+      - name: Commit and push uv.lock if changed
+        env:
+          REF_NAME: ${{ github.ref_name }}
+          BOT_USER: ${{ secrets.PYANSYS_CI_BOT_USERNAME }}
+          BOT_EMAIL: ${{ secrets.PYANSYS_CI_BOT_EMAIL }}
+        run: |
+          # Configure git username & email
+          git config user.name "${BOT_USER}"
+          git config user.email "${BOT_EMAIL}"
+
+          # Exit if there are no changes to commit
+          if git diff --quiet --exit-code; then
+            echo "No changes to commit."
+            exit 0
+          fi
+
+          # Check if uv.lock was modified or created
+          if git diff --quiet --exit-code uv.lock; then
+              echo "uv.lock is up-to-date, adding only requirements files' updates"
+              git commit -am "fix: update requirements files [skip-ci]"
+          else
+              echo "uv.lock changed, adding updates to lock file and requirements files."
+              git commit -am "fix: update lock file and requirements files [skip-ci]"
+          fi
+          git push origin "HEAD:${REF_NAME}"
@@ -139,8 +139,10 @@ runs:
       shell: bash
       env:
         INSTALL_COMMAND: ${{ inputs.use-uv == 'true' && 'uv pip install --no-managed-python --system' || 'python -m pip install' }}
+        ACTION_PATH: ${{ github.action_path }}
       run: |
-        ${INSTALL_COMMAND} --upgrade pip 'twine<6.2.0'
+        ${INSTALL_COMMAND} --upgrade pip
+        ${INSTALL_COMMAND} -r ${ACTION_PATH}/requirements.txt
 
     - name: "Download the library artifacts from build-library step"
       uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0

@@ -0,0 +1,75 @@
+# This file was autogenerated by uv via the following command:
+#    uv export --format requirements.txt --group release-pypi --output-file _release-pypi/requirements.txt --no-hashes
+backports-tarfile==1.2.0 ; python_full_version < '3.12' and platform_machine != 'ppc64le' and platform_machine != 's390x'
+    # via jaraco-context
+certifi==2025.11.12
+    # via requests
+cffi==2.0.0 ; platform_machine != 'ppc64le' and platform_machine != 's390x' and platform_python_implementation != 'PyPy' and sys_platform == 'linux'
+    # via cryptography
+charset-normalizer==3.4.4
+    # via requests
+cryptography==46.0.3 ; platform_machine != 'ppc64le' and platform_machine != 's390x' and sys_platform == 'linux'
+    # via secretstorage
+docutils==0.22
+    # via readme-renderer
+idna==3.11
+    # via requests
+importlib-metadata==8.7.0 ; python_full_version < '3.12' and platform_machine != 'ppc64le' and platform_machine != 's390x'
+    # via keyring
+jaraco-classes==3.4.0 ; platform_machine != 'ppc64le' and platform_machine != 's390x'
+    # via keyring
+jaraco-context==6.0.1 ; platform_machine != 'ppc64le' and platform_machine != 's390x'
+    # via keyring
+jaraco-functools==4.3.0 ; platform_machine != 'ppc64le' and platform_machine != 's390x'
+    # via keyring
+jeepney==0.9.0 ; platform_machine != 'ppc64le' and platform_machine != 's390x' and sys_platform == 'linux'
+    # via
+    #   keyring
+    #   secretstorage
+keyring==25.7.0 ; platform_machine != 'ppc64le' and platform_machine != 's390x'
+    # via twine
+markdown-it-py==4.0.0
+    # via rich
+mdurl==0.1.2
+    # via markdown-it-py
+more-itertools==10.8.0 ; platform_machine != 'ppc64le' and platform_machine != 's390x'
+    # via
+    #   jaraco-classes
+    #   jaraco-functools
+nh3==0.3.2
+    # via readme-renderer
+packaging==25.0
+    # via twine
+pkginfo==1.12.1.2
+    # via twine
+pycparser==2.23 ; implementation_name != 'PyPy' and platform_machine != 'ppc64le' and platform_machine != 's390x' and platform_python_implementation != 'PyPy' and sys_platform == 'linux'
+    # via cffi
+pygments==2.19.2
+    # via
+    #   readme-renderer
+    #   rich
+pywin32-ctypes==0.2.3 ; platform_machine != 'ppc64le' and platform_machine != 's390x' and sys_platform == 'win32'
+    # via keyring
+readme-renderer==44.0
+    # via twine
+requests==2.32.5
+    # via
+    #   requests-toolbelt
+    #   twine
+requests-toolbelt==1.0.0
+    # via twine
+rfc3986==2.0.0
+    # via twine
+rich==14.2.0
+    # via twine
+secretstorage==3.5.0 ; platform_machine != 'ppc64le' and platform_machine != 's390x' and sys_platform == 'linux'
+    # via keyring
+twine==6.0.1
+typing-extensions==4.15.0 ; python_full_version < '3.11' and platform_machine != 'ppc64le' and platform_machine != 's390x' and sys_platform == 'linux'
+    # via cryptography
+urllib3==2.5.0
+    # via
+    #   requests
+    #   twine
+zipp==3.23.0 ; python_full_version < '3.12' and platform_machine != 'ppc64le' and platform_machine != 's390x'
+    # via importlib-metadata
@@ -102,3 +102,4 @@ runs:
       with:
         enable-cache: ${{ inputs.use-cache }}
         prune-cache: ${{ inputs.prune-uv-cache }}
+        version: "0.9.12"
@@ -180,8 +180,9 @@ runs:
       shell: bash
       env:
         INSTALL_COMMAND: ${{ inputs.use-uv == 'true' && 'uv pip install --no-managed-python --system' || 'python -m pip install' }}
+        ACTION_PATH: ${{ github.action_path }}
       run: |
-        ${INSTALL_COMMAND} build twine
+        ${INSTALL_COMMAND} -r ${ACTION_PATH}/requirements.txt
 
     - name: "Build distribution artifacts"
       shell: bash

@@ -0,0 +1,86 @@
+# This file was autogenerated by uv via the following command:
+#    uv export --format requirements.txt --group build-library --output-file build-library/requirements.txt --no-hashes
+backports-tarfile==1.2.0 ; python_full_version < '3.12' and platform_machine != 'ppc64le' and platform_machine != 's390x'
+    # via jaraco-context
+build==1.3.0
+certifi==2025.11.12
+    # via requests
+cffi==2.0.0 ; platform_machine != 'ppc64le' and platform_machine != 's390x' and platform_python_implementation != 'PyPy' and sys_platform == 'linux'
+    # via cryptography
+charset-normalizer==3.4.4
+    # via requests
+colorama==0.4.6 ; os_name == 'nt'
+    # via build
+cryptography==46.0.3 ; platform_machine != 'ppc64le' and platform_machine != 's390x' and sys_platform == 'linux'
+    # via secretstorage
+docutils==0.22
+    # via readme-renderer
+idna==3.11
+    # via requests
+importlib-metadata==8.7.0 ; (python_full_version < '3.10.2' and platform_machine == 'ppc64le') or (python_full_version < '3.10.2' and platform_machine == 's390x') or (python_full_version < '3.12' and platform_machine != 'ppc64le' and platform_machine != 's390x')
+    # via
+    #   build
+    #   keyring
+jaraco-classes==3.4.0 ; platform_machine != 'ppc64le' and platform_machine != 's390x'
+    # via keyring
+jaraco-context==6.0.1 ; platform_machine != 'ppc64le' and platform_machine != 's390x'
+    # via keyring
+jaraco-functools==4.3.0 ; platform_machine != 'ppc64le' and platform_machine != 's390x'
+    # via keyring
+jeepney==0.9.0 ; platform_machine != 'ppc64le' and platform_machine != 's390x' and sys_platform == 'linux'
+    # via
+    #   keyring
+    #   secretstorage
+keyring==25.7.0 ; platform_machine != 'ppc64le' and platform_machine != 's390x'
+    # via twine
+markdown-it-py==4.0.0
+    # via rich
+mdurl==0.1.2
+    # via markdown-it-py
+more-itertools==10.8.0 ; platform_machine != 'ppc64le' and platform_machine != 's390x'
+    # via
+    #   jaraco-classes
+    #   jaraco-functools
+nh3==0.3.2
+    # via readme-renderer
+packaging==25.0
+    # via
+    #   build
+    #   twine
+pkginfo==1.12.1.2
+    # via twine
+pycparser==2.23 ; implementation_name != 'PyPy' and platform_machine != 'ppc64le' and platform_machine != 's390x' and platform_python_implementation != 'PyPy' and sys_platform == 'linux'
+    # via cffi
+pygments==2.19.2
+    # via
+    #   readme-renderer
+    #   rich
+pyproject-hooks==1.2.0
+    # via build
+pywin32-ctypes==0.2.3 ; platform_machine != 'ppc64le' and platform_machine != 's390x' and sys_platform == 'win32'
+    # via keyring
+readme-renderer==44.0
+    # via twine
+requests==2.32.5
+    # via
+    #   requests-toolbelt
+    #   twine
+requests-toolbelt==1.0.0
+    # via twine
+rfc3986==2.0.0
+    # via twine
+rich==14.2.0
+    # via twine
+secretstorage==3.5.0 ; platform_machine != 'ppc64le' and platform_machine != 's390x' and sys_platform == 'linux'
+    # via keyring
+tomli==2.3.0 ; python_full_version < '3.11'
+    # via build
+twine==6.0.1
+typing-extensions==4.15.0 ; python_full_version < '3.11' and platform_machine != 'ppc64le' and platform_machine != 's390x' and sys_platform == 'linux'
+    # via cryptography
+urllib3==2.5.0
+    # via
+    #   requests
+    #   twine
+zipp==3.23.0 ; (python_full_version < '3.10.2' and platform_machine == 'ppc64le') or (python_full_version < '3.10.2' and platform_machine == 's390x') or (python_full_version < '3.12' and platform_machine != 'ppc64le' and platform_machine != 's390x')
+    # via importlib-metadata
@@ -363,11 +363,12 @@ runs:
       if: ${{ inputs.install-build-and-wheel == 'true' }}
       shell: bash
       env:
+        ACTION_PATH: ${{ github.action_path }}
         ACTIVATE_VENV: ${{ steps.virtual-environment-activation-command.outputs.ACTIVATE_VENV }}
         INSTALL_COMMAND: ${{ inputs.use-uv == 'true' && 'uv pip install --no-managed-python' || 'python -m pip install' }}
       run: |
         ${ACTIVATE_VENV}
-        $INSTALL_COMMAND build wheel
+        $INSTALL_COMMAND -r ${ACTION_PATH}/requirements.txt
 
     - name: "Generate the wheelhouse"
       shell: bash

@@ -0,0 +1,16 @@
+# This file was autogenerated by uv via the following command:
+#    uv export --format requirements.txt --group build-wheelhouse --output-file build-wheelhouse/requirements.txt --no-hashes
+build==1.3.0
+colorama==0.4.6 ; os_name == 'nt'
+    # via build
+importlib-metadata==8.7.0 ; python_full_version < '3.10.2'
+    # via build
+packaging==25.0
+    # via build
+pyproject-hooks==1.2.0
+    # via build
+tomli==2.3.0 ; python_full_version < '3.11'
+    # via build
+wheel==0.45.1
+zipp==3.23.0 ; python_full_version < '3.10.2'
+    # via importlib-metadata
@@ -83,7 +83,9 @@ runs:
         persist-credentials: false
 
     - name: "Install uv"
-      uses: astral-sh/setup-uv@85856786d1ce8acfbcc2f13a5f3fbd6b938f9f41 # v7.1.2
+      uses: astral-sh/setup-uv@557e51de59eb14aaaba2ed9621916900a91d50c6 # v6.6.1
+      with:
+        version: "0.9.12"
 
     - name: "Install zizmor and verify installation"
       shell: bash

@@ -271,22 +271,15 @@ runs:
         ${ACTIVATE_VENV}
         $INSTALL_COMMAND -U pip
 
-    - name: Clone ansys/pip-licenses on main branch
-      uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
-      with:
-        repository: ansys/pip-licenses
-        path: "external/pip-licenses"
-        ref: "main"
-        persist-credentials: false
-
     - name: Install ansys/pip-licenses main branch
       shell: bash
       env:
         ACTIVATE_VENV: ${{ steps.virtual-environment-activation-command.outputs.ACTIVATE_VENV }}
-        INSTALL_COMMAND: ${{ inputs.use-uv == 'true' && 'uv pip install --no-managed-python --no-cache' || 'python -m pip install --no-cache-dir' }}
+        ACTION_PATH: ${{ github.action_path }}
+        INSTALL_COMMAND: ${{ inputs.use-uv == 'true' && 'uv pip install --no-managed-python --system --no-cache' || 'python -m pip install --no-cache-dir' }}
       run: |
         ${ACTIVATE_VENV}
-        $INSTALL_COMMAND external/pip-licenses
+        ${INSTALL_COMMAND} -r ${ACTION_PATH}/requirements.txt
 
     - name: "Check if specific target is requested"
       id: specific-target-requested

@@ -0,0 +1,9 @@
+# This file was autogenerated by uv via the following command:
+#    uv export --format requirements.txt --group check-licenses --output-file check-licenses/requirements.txt --no-hashes
+pip-licenses @ git+https://github.com/ansys/pip-licenses.git@5e094b575b18e9a020bb9dcba4c5cea45c2e8d03
+prettytable==3.17.0
+    # via pip-licenses
+tomli==2.3.0
+    # via pip-licenses
+wcwidth==0.2.14
+    # via prettytable