Skip to content

devcontainer: install pre-commit via uv, drop pip from the flow#129

Merged
Syndic merged 2 commits into
mainfrom
pr/devcontainer-uv-pre-commit
Jun 16, 2026
Merged

devcontainer: install pre-commit via uv, drop pip from the flow#129
Syndic merged 2 commits into
mainfrom
pr/devcontainer-uv-pre-commit

Conversation

@Syndic

@Syndic Syndic commented Jun 16, 2026

Copy link
Copy Markdown
Owner

Summary

Final piece of the Python tooling bootstrap (continuation plan PR 5). Replaces the host-style pip install --user pre-commit in post-create.sh with a system-level uv tool install pre-commit in the Dockerfile, so the devcontainer carries one Python package manager (uv) instead of two.

  • Dockerfile: chains uv tool install pre-commit after the existing ruff + ty installs. PRE_COMMIT_VERSION is Renovate-tracked (pypi).
  • Dockerfile: sets UV_PYTHON_INSTALL_DIR=/usr/local/share/uv-python so uv's managed Python interpreter lands in a world-readable location. Without this, uv's default ($HOME/.local/share/uv/python) is /root/.local/... (mode 700) when install runs as root. Pre-commit's per-tool venv has a bin/python symlink into that path; the pre-commit launcher's shebang then targets a directory the vscode user can't traverse and fails with bad interpreter: Permission denied. ruff and ty avoid this because they're standalone binaries that don't actually invoke the symlinked Python.
  • post-create.sh: drops the pip install --user --no-warn-script-location pre-commit line; the "$HOME/.local/bin/pre-commit" install invocation becomes plain pre-commit install since the binary is on PATH at image-build time.

pip no longer appears in any imperative line of the devcontainer flow — only in prose comments and shell set -euo pipefail. uv sync (added in PR #126) stays as the editor-LSP enabler.

Test plan

Performed in a freshly recreated container (--build-no-cache, docker rm -f of the prior container — devcontainer up alone reuses a running container even with --build-no-cache):

  • which pre-commit/usr/local/bin/pre-commit (was /home/vscode/.local/bin/pre-commit previously)
  • pre-commit --version → 4.6.0
  • ruff format --check . clean
  • ruff check . clean
  • ty check clean
  • python3 meta/scripts/check_modules.py reports consistent
  • bazel test //... — 11/11 pass
  • bazel run //:gazelle -- -mode=diff clean
  • pre-commit run --all-files clean

Out of scope

Syndic added 2 commits June 15, 2026 20:28
Dockerfile installs pre-commit through `uv tool install` alongside ruff/ty,
so the devcontainer has a single Python package manager (uv) — no more
`pip install --user` in post-create. Sets UV_PYTHON_INSTALL_DIR to a
world-readable path; uv's default ($HOME/.local/share/uv/python) is under
/root mode 700 when install runs as root, and a pre-commit shebang
resolving into that path makes `pre-commit` fail with "bad interpreter:
Permission denied" for the vscode user. ruff and ty are standalone
binaries and don't actually invoke the symlinked Python, which is why
this only surfaces with pure-Python tools.

post-create.sh swaps `$HOME/.local/bin/pre-commit install` for plain
`pre-commit install` since the binary is on PATH at image-build time.
README: "What's inside" now lists uv/ruff/ty alongside the older tools, the
ty CI row reflects the pinned `uvx ty@<pin> check` invocation, and the
Renovate paragraph names the actual groups (Bazel, Go, GitHub Actions,
language SDKs, ruff) plus the ungrouped tracked deps (ty, pre-commit,
buildifier, bazelisk, uv image tag).

pyproject.toml: drops the "as it is added in later PRs" forward-looking
phrasing now that ruff and ty are both present, and removes the inaccurate
"Strict mode" line on [tool.ty] (the actual block leaves rule severities
at ty's defaults — the contradiction was a leftover from the first draft).

meta/scripts/smoke_py/BUILD.bazel: corrects the DELETE TRIGGER from
"PR-1 followup" to "when gazelle_python is wired (B4)", matching the
canonical pointer in docs/future-considerations.md.
@Syndic Syndic merged commit 1b6a81f into main Jun 16, 2026
36 checks passed
@Syndic Syndic deleted the pr/devcontainer-uv-pre-commit branch June 16, 2026 16:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant