fix(scripts): add uv lock refresh to version update script

[ryoppippi]

Summary

Adds uv lock execution to the version update script to ensure the lockfile stays in sync after release-please updates pyproject.toml.

What Changed

• Added subprocess import to run shell commands
• Added uv lock execution at the end of main()
• Updated docstring to reflect the additional responsibility

Why

Previously, when release-please updated the version in pyproject.toml, the update_version.py script would only sync the version to __init__.py. This left uv.lock potentially out of sync with the new version, which could cause inconsistencies. Now the lockfile is automatically refreshed as part of the version update process.

---

Summary by cubic

Refreshes uv.lock during version bumps by running uv lock in the update_version.py script. Prevents lockfile drift after release-please updates pyproject.toml.

^{Written for commit d1060d8. Summary will update automatically on new commits.}

[cubic-dev-ai]

1 issue found across 1 file

Prompt for AI agents (all 1 issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="scripts/update_version.py">

<violation number="1" location="scripts/update_version.py:42">
P2: Missing error handling for subprocess call. Per project standards in `.cursor/rules/uv-scripts.mdc`, external calls should use try/except blocks with meaningful error messages and appropriate exit codes. If `uv` is not installed or the command fails, users will see an unhelpful traceback.</violation>
</file>

_{Reply to cubic to teach it or ask questions. Re-run a review with @cubic-dev-ai review this PR}

[cubic-dev-ai]

P2: Missing error handling for subprocess call. Per project standards in .cursor/rules/uv-scripts.mdc, external calls should use try/except blocks with meaningful error messages and appropriate exit codes. If uv is not installed or the command fails, users will see an unhelpful traceback.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At scripts/update_version.py, line 42:

<comment>Missing error handling for subprocess call. Per project standards in `.cursor/rules/uv-scripts.mdc`, external calls should use try/except blocks with meaningful error messages and appropriate exit codes. If `uv` is not installed or the command fails, users will see an unhelpful traceback.</comment>

<file context>
@@ -36,6 +37,11 @@ def main() -&gt; None:
 
+    # Update uv.lock to reflect version change in pyproject.toml
+    print(&quot;Updating uv.lock...&quot;)
+    subprocess.run([&quot;uv&quot;, &quot;lock&quot;], check=True)
+    print(&quot;uv.lock updated successfully&quot;)
+
</file context>

Suggested change

	subprocess.run(["uv", "lock"], check=True)
	try:
	subprocess.run(["uv", "lock"], check=True)
	except FileNotFoundError:
	print("Error: 'uv' command not found. Please install uv first.")
	raise SystemExit(1)
	except subprocess.CalledProcessError as e:
	print(f"Error: 'uv lock' failed with exit code {e.returncode}")
	raise SystemExit(1)

[Copilot]

Pull request overview

This PR adds automatic lockfile refresh to the version update script to keep uv.lock synchronized when release-please updates the package version in pyproject.toml. Since the project has a self-reference to stackone-ai in its dev dependencies, version changes require a lockfile update.

Key changes:

• Imported subprocess module to enable shell command execution
• Added uv lock command execution after version sync to __init__.py
• Updated docstring to reflect the expanded responsibility

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The lockfile update in this script will not be committed back to the repository. The release workflow runs this script after a release is created, updates the lockfile, builds and publishes, but never commits the updated uv.lock. This means the repository will have an out-of-sync lockfile.

Consider one of these approaches:

1. Run uv lock as part of the release-please PR (before merging), not after the release
2. Add a git commit and push step in the workflow after running this script
3. Use a GitHub Action that can amend the release commit or create a follow-up commit

The current implementation will cause the published package to be built with one lockfile while the repository contains a different one, leading to reproducibility issues.

[Copilot]

While check=True will raise CalledProcessError on failure (which is good), consider adding explicit error handling with a try-except block to provide a more informative error message if the uv lock command fails. This would help diagnose issues such as uv not being installed or lockfile conflicts.

For example, catching CalledProcessError and printing the stderr output would make debugging easier in CI environments.

Suggested change

	subprocess.run(["uv", "lock"], check=True)
	print("uv.lock updated successfully")
	try:
	result = subprocess.run(
	["uv", "lock"],
	check=True,
	capture_output=True,
	text=True,
	)
	except FileNotFoundError as e:
	print("Error: 'uv' command not found. Make sure 'uv' is installed and on your PATH.")
	raise
	except subprocess.CalledProcessError as e:
	print("Error: 'uv lock' command failed.")
	if e.stderr:
	print("stderr from 'uv lock':")
	print(e.stderr)
	raise
	else:
	if result.stderr:
	# Optionally surface non-fatal warnings from uv
	print("Warnings from 'uv lock':")
	print(result.stderr)
	print("uv.lock updated successfully")

[glebedel]

LGTM