build: migrate project to pyproject and uv#30
Draft
sfc-gh-bnisco wants to merge 4 commits into
Draft
Conversation
Replace the pip requirements workflow with a uv-managed pyproject and lockfile so the app has a single source of truth for dependencies and reproducible installs. This also raises the Python baseline to 3.14 and updates the devcontainer to keep its container environment separate from the host workspace. Co-authored-by: Cursor <cursoragent@cursor.com>
The migration pinned the project to Python >=3.14, which excluded users on common interpreters (3.11-3.13) and risked the Streamlit Community Cloud deploy target, where 3.14 may not yet be selectable. Lower the floor and the default dev version to 3.11 so a fresh `uv sync` works on widely-available Pythons without forcing a 3.14 download. Set requires-python, .python-version, and the devcontainer to 3.11, and regenerate uv.lock against the wider range. Also pin the devcontainer image to 1.0-3.11-bookworm instead of the floating 3.14-bookworm tag, and dedent the standalone uv-install code block in the README. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Adopt the latest Streamlit release. Add a >=1.58.0 floor to the dependency so fresh clones pick up current fixes and features, and regenerate uv.lock to pin streamlit==1.58.0 (up from 1.57.0). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
sfc-gh-braethlein
approved these changes
Jun 16, 2026
| "name": "Python 3.11", | ||
| // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile | ||
| "image": "mcr.microsoft.com/devcontainers/python:1-3.11-bullseye", | ||
| "image": "mcr.microsoft.com/devcontainers/python:1.0-3.11-bookworm", |
There was a problem hiding this comment.
question: why not Python 3.14?
In the description you say
The Python floor is kept at 3.11 so the template runs on widely-available interpreters (and the Community Cloud runtime) without forcing a newer download.
but CC also supports 3.14 and using the latest Python version means we don't have to force-upgrade these apps in autumn next year.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Replace the pip +
requirements.txtworkflow with auv-managedpyproject.tomland a committeduv.lock. This gives the template a single source of truth for dependencies and reproducible installs across local dev, Codespaces, and the deployed app (Streamlit Community Cloud readsuv.lockat the highest priority).Before → After
requirements.txtpyproject.toml+ committeduv.lockpip install -r requirements.txtuv syncstreamlit run streamlit_app.pyuv run streamlit run streamlit_app.py>=3.11floor, pinned via.python-versionstreamlit(unpinned, resolved 1.57.0)streamlit>=1.58.0floor, locked to1.58.0python:1-3.11-bullseyepython:1.0-3.11-bookworm--userinside the workspaceuvvenv at$HOME/.venvs/...(off the mounted workspace)Versioning strategy
The committed
uv.lockis what makes installs reproducible: every environment resolves to the exact same dependency tree. The risk with a pinned lockfile is that it goes stale, so a Dependabot config (.github/dependabot.yml) keeps it fresh:uvecosystem and bumpsuv.lockas new Streamlit and transitive releases land, so the committed lock (and the Community Cloud demo that deploys from it) tracks current versions.Notes
streamlit==1.58.0and its full dependency tree, so every environment resolves identically.uv syncbuilds the env on CPython 3.11.9 with Streamlit 1.58.0, and the app imports cleanly.