From e3ffe4309473e9352b1b47943d6ef082d37dae04 Mon Sep 17 00:00:00 2001 From: psychedelicious <4822129+psychedelicious@users.noreply.github.com> Date: Mon, 14 Apr 2025 09:26:24 +1000 Subject: [PATCH 1/6] ci: add check for `uv` lockfile consistency with `pyproject.toml` --- .github/workflows/uv-lock-checks.yml | 66 ++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 .github/workflows/uv-lock-checks.yml diff --git a/.github/workflows/uv-lock-checks.yml b/.github/workflows/uv-lock-checks.yml new file mode 100644 index 00000000000..72c55e318ab --- /dev/null +++ b/.github/workflows/uv-lock-checks.yml @@ -0,0 +1,66 @@ +# Check the `uv` lockfile for consistency with `pyproject.toml`. + +name: 'uv lock checks' + +on: + push: + branches: + - 'main' + pull_request: + types: + - 'ready_for_review' + - 'opened' + - 'synchronize' + merge_group: + workflow_dispatch: + inputs: + always_run: + description: 'Always run the checks' + required: true + type: boolean + default: true + workflow_call: + inputs: + always_run: + description: 'Always run the checks' + required: true + type: boolean + default: true + +jobs: + python-checks: + env: + # uv requires a venv by default - but for this, we can simply use the system python + UV_SYSTEM_PYTHON: 1 + runs-on: ubuntu-latest + timeout-minutes: 5 # expected run time: <1 min + steps: + - name: checkout + uses: actions/checkout@v4 + + - name: check for changed python files + if: ${{ inputs.always_run != true }} + id: changed-files + # Pinned to the _hash_ for v45.0.9 to prevent supply-chain attacks. + # See: + # - CVE-2025-30066 + # - https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised + # - https://github.com/tj-actions/changed-files/issues/2463 + uses: tj-actions/changed-files@a284dc1814e3fd07f2e34267fc8f81227ed29fb8 + with: + files_yaml: | + uvlock-pyprojecttoml: + - 'pyproject.toml' + - 'uv.lock' + + - name: setup uv + if: ${{ steps.changed-files.outputs.uvlock-pyprojecttoml_any_changed == 'true' || inputs.always_run == true }} + uses: astral-sh/setup-uv@v5 + with: + version: '0.6.10' + enable-cache: true + + - name: check lockfile + if: ${{ steps.changed-files.outputs.uvlock-pyprojecttoml_any_changed == 'true' || inputs.always_run == true }} + run: uv lock --locked # this will exit with 1 if the lockfile is not consistent with pyproject.toml + shell: bash From c34f9087050d0115fa48c95a0902aceadcef0d18 Mon Sep 17 00:00:00 2001 From: psychedelicious <4822129+psychedelicious@users.noreply.github.com> Date: Mon, 14 Apr 2025 09:29:47 +1000 Subject: [PATCH 2/6] ci: add comment to uv-lock-checks.yml --- .github/workflows/uv-lock-checks.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/uv-lock-checks.yml b/.github/workflows/uv-lock-checks.yml index 72c55e318ab..2c77967117b 100644 --- a/.github/workflows/uv-lock-checks.yml +++ b/.github/workflows/uv-lock-checks.yml @@ -1,4 +1,6 @@ # Check the `uv` lockfile for consistency with `pyproject.toml`. +# +# If this check fails, you should run `uv lock` to update the lockfile. name: 'uv lock checks' From b9199623ddb57cf3efe17eaf9d41933872591a3f Mon Sep 17 00:00:00 2001 From: psychedelicious <4822129+psychedelicious@users.noreply.github.com> Date: Mon, 14 Apr 2025 09:30:46 +1000 Subject: [PATCH 3/6] ci: fix name of uv lock checks job --- .github/workflows/uv-lock-checks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/uv-lock-checks.yml b/.github/workflows/uv-lock-checks.yml index 2c77967117b..fb70c47237c 100644 --- a/.github/workflows/uv-lock-checks.yml +++ b/.github/workflows/uv-lock-checks.yml @@ -30,7 +30,7 @@ on: default: true jobs: - python-checks: + uv-lock-checks: env: # uv requires a venv by default - but for this, we can simply use the system python UV_SYSTEM_PYTHON: 1 From b802933190ed4a8b39bfca36b9b637a112c82122 Mon Sep 17 00:00:00 2001 From: psychedelicious <4822129+psychedelicious@users.noreply.github.com> Date: Mon, 14 Apr 2025 09:32:58 +1000 Subject: [PATCH 4/6] ci: change pyproject.toml to trigger uv lock check (it should fail) --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index eec10e4cbfb..66ce4bcc259 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta" [project] name = "InvokeAI" -description = "An implementation of Stable Diffusion which provides various new features and options to aid the image generation process" +description = "An implementation of Stable Diffusion which provides various new features and options to aid the image generation process TEST" requires-python = ">=3.10, <3.13" readme = { content-type = "text/markdown", file = "README.md" } keywords = ["stable-diffusion", "AI"] From cd3ad4654367bc2b7c0b644684b957d8bffed904 Mon Sep 17 00:00:00 2001 From: psychedelicious <4822129+psychedelicious@users.noreply.github.com> Date: Mon, 14 Apr 2025 09:34:49 +1000 Subject: [PATCH 5/6] Revert "ci: change pyproject.toml to trigger uv lock check (it should fail)" This reverts commit b802933190ed4a8b39bfca36b9b637a112c82122. --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 66ce4bcc259..eec10e4cbfb 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta" [project] name = "InvokeAI" -description = "An implementation of Stable Diffusion which provides various new features and options to aid the image generation process TEST" +description = "An implementation of Stable Diffusion which provides various new features and options to aid the image generation process" requires-python = ">=3.10, <3.13" readme = { content-type = "text/markdown", file = "README.md" } keywords = ["stable-diffusion", "AI"] From a3f6a090abeea12d44c10168b7ce3f046d8627c2 Mon Sep 17 00:00:00 2001 From: psychedelicious <4822129+psychedelicious@users.noreply.github.com> Date: Mon, 14 Apr 2025 09:35:14 +1000 Subject: [PATCH 6/6] chore: update lockfile --- uv.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/uv.lock b/uv.lock index b198c61fa8a..2e3977790d9 100644 --- a/uv.lock +++ b/uv.lock @@ -540,7 +540,7 @@ wheels = [ [[package]] name = "diffusers" -version = "0.32.2" +version = "0.33.0" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "filelock" }, @@ -552,9 +552,9 @@ dependencies = [ { name = "requests" }, { name = "safetensors" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/ee/72/d3f715e71a77f14a48f1ac081cea5bb6c6e6cd41c55b1291f401b1504679/diffusers-0.32.2.tar.gz", hash = "sha256:eb1e36b326aabb0675729af7c626caf7a76ce7ced3a126e879331790b1eaa230", size = 2614622 } +sdist = { url = "https://files.pythonhosted.org/packages/c2/4a/ea270e695ce5ffbffab2fdd542e8eba138d7cd26b945b6323a7791128e1b/diffusers-0.33.0.tar.gz", hash = "sha256:0d649d642fc1e0e5cbdfb8b66ae0cd44847f5b00bd2ec7889deb902af93335b8", size = 2895110 } wheels = [ - { url = "https://files.pythonhosted.org/packages/88/c9/2b2e822d871b06605363e52555be5d7ff0996f4eeaf0f7e5fda15adedfbe/diffusers-0.32.2-py3-none-any.whl", hash = "sha256:d7f182b49c7f428737ee3bf6397d463ec03b85f4f3b2c9470bd1d73292b609ff", size = 3226075 }, + { url = "https://files.pythonhosted.org/packages/92/be/0b204885f8b2763bcec71b68231b9df76348ee0d1c824fe6f750b0677bf0/diffusers-0.33.0-py3-none-any.whl", hash = "sha256:a9a07437dbb72ed72341cec6b8f07a3eab557b9a924adbac3411f77fa3614dcc", size = 3554677 }, ] [package.optional-dependencies] @@ -1052,7 +1052,7 @@ requires-dist = [ { name = "blake3" }, { name = "compel", specifier = "==2.0.2" }, { name = "deprecated" }, - { name = "diffusers", extras = ["torch"] }, + { name = "diffusers", extras = ["torch"], specifier = "==0.33.0" }, { name = "dnspython" }, { name = "dynamicprompts" }, { name = "einops" },