Upgrade to latest repo template/uv

.dockerignore

@@ -6,7 +6,6 @@
 **/htmlcov
 **/__pycache__
 **/*.pyc
-**/.python-version
 **/.env
 **/.venv
 **/venv

.github/dependabot.yml

@@ -6,3 +6,5 @@ updates:
     directory: "/"
     schedule:
       interval: "monthly"
+    cooldown:
+      default-days: 7

.github/workflows/build-and-publish.yml

@@ -24,9 +24,7 @@ jobs:
     - name: Set up Just
       uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff
     - name: Build image
-      run: just build-docker
-    - name: Test image
-      run: just test-docker
+      run: just docker/build prod
     - name: Log into GitHub Container Registry
       run: docker login https://ghcr.io -u ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }}
     - name: Push image to GitHub Container Registry

.github/workflows/main.yml

@@ -12,14 +12,9 @@ jobs:
       - uses: actions/checkout@v5
       - uses: "opensafely-core/setup-action@v1"
         with:
-          cache: null
-          python-version: "3.11"
           install-just: true
-      - name: Install uv
-        uses: astral-sh/setup-uv@v6
-        with:
-          # Install a specific version of uv.
-          version: "0.7.13"
+          install-uv: true
+          cache: uv
       - name: Check formatting, linting and import sorting
         run: just check
 
@@ -28,24 +23,9 @@ jobs:
 
     steps:
       - uses: actions/checkout@v5
-      - uses: "opensafely-core/setup-action@8309ec8eb730c5b342dd496a09392f95bedd2fb0"
+      - uses: "opensafely-core/setup-action@v1"
         with:
-          python-version: "3.11"
           install-just: true
-      - name: Install uv
-        uses: astral-sh/setup-uv@v6
-        with:
-          # Install a specific version of uv.
-          version: "0.7.13"
       - name: Run tests
-#       env:  # Add environment variables required for tests
         run: |
-          just test-docker
-
-  lint-dockerfile:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v5
-      - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5  # v3.3.0
-        with:
-          failure-threshold: error
+          just docker/test

.pre-commit-config.yaml

@@ -4,21 +4,16 @@ default_language_version:
 repos:
   - repo: local
     hooks:
-    - id: format
-      name: format
-      entry: just format
-      language: system
-      types: [python]
-      require_serial: true
-    - id: lint
-      name: lint
-      entry: just lint
+    - id: check
+      name: check
+      entry: just check
       language: system
       types: [python]
       require_serial: true
+      pass_filenames: false
 
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.1.0
+    rev: 3e8a8703264a2f4a69428a0aa4dcb512790b2c8c # v6.0.0
     hooks:
     - id: trailing-whitespace
     - id: end-of-file-fixer
@@ -28,8 +23,3 @@ repos:
     - id: check-toml
     - id: check-yaml
     - id: detect-private-key
-
-  - repo: https://github.com/stratasan/hadolint-pre-commit
-    rev: cdefcb0
-    hooks:
-    - id: hadolint

DEVELOPERS.md

@@ -16,23 +16,87 @@ Show all available commands
 just
 ```
 
+### uv
+
+Follow installation instructions from the [uv documentation](https://docs.astral.sh/uv/getting-started/installation/) for your OS.
+
+
 ## Production environment
 
 At the time of writing, the required environment variables will be provided by
 the job-runner agent's [inject_db_secrets()](https://github.com/opensafely-core/job-runner/blob/a62ce3cc7277cfdbf689bea2e31d0123227a403c/jobrunner/agent/main.py#L336).
 
+
+## Local development environment
+
+Set up a local development environment with:
+```
+just devenv
+```
+
+## Dependency management
+Dependencies are managed with `uv`.
+
+
+### Overview
+See the [uv documentation](https://docs.astral.sh/uv/concepts/projects/dependencies) for details on usage.
+Commands for adding, removing or modifying constraints of dependencies will automatically respect the
+global timestamp cutoff specified in the `pyproject.toml`:
+```toml
+[tool.uv]
+exclude-newer = "YYYY-MM-DDTHH:MM:SSZ"
+```
+Changes to dependencies should be made via `uv` commands, or by modifying `pyproject.toml` directly followed by
+[locking and syncing](https://docs.astral.sh/uv/concepts/projects/sync/) via `uv` or `just` commands like
+`just devenv` or `just upgrade-all`. You should not modify `uv.lock` manually.
+
+Note that `uv.lock` must be reproducible from `pyproject.toml`. Otherwise, `just check` will fail.
+If `just check` errors saying that the timestamps must match, you might have modified one file but not the other:
+  - If you modified `pyproject.toml`, you must update `uv.lock` via `uv lock` / `just upgrade-all` or similar.
+  - If you did not modify `pyproject.toml` but have changes in `uv.lock`, you should revert the changes to `uv.lock`,
+  modify `pyproject.toml` as you require, then run `uv lock` to update `uv.lock`.
+
+The timestamp cutoff should usually be set to midnight UTC of a past date.
+In general, the date is expected to be between 7 and 14 days ago as a result of automated weekly dependency updates.
+
+If you require a package version that is newer than the cutoff allows, you can either manually bump the global cutoff
+date or add a package-specific timestamp cutoff. Both options are described below.
+
+### Manually bumping the cutoff date
+The cutoff timestamp can be modified to a more recent date either manually in the `pyproject.toml`
+or with `just bump-uv-cutoff <days-ago>`.
+For example, to set the cutoff to today's date and upgrade all dependencies, run:
+```
+just bump-uv-cutoff 0
+just upgrade-all
+```
+
+### Adding a package-specific timestamp cutoff
+It is possible to specify a package-specific timestamp cutoff in addition to the global cutoff.
+This should be done in the `pyproject.toml` to ensure reproducible installs;
+see the [uv documentation](https://docs.astral.sh/uv/reference/settings/#exclude-newer-package) for details.
+If set, the package-specific cutoff will take precedence over the global cutoff regardless of which one is more recent.
+
+You should not set a package-specific cutoff that is older than the global cutoff - use a version
+constraint instead.
+If there is good reason to set a package-specific cutoff that is more recent than the global cutoff,
+**care should be taken to ensure that the package-specific cutoff is manually removed once it is over 7 days old**,
+as otherwise future automated updates of that package will be indefinitely blocked.
+Currently no automated tooling is in place to enforce removal of stale package-specific cutoffs.
+
+
 ## Tests
 
 Run the tests locally with:
 ```bash
-docker compose up -d mssql
+just docker/mssql-run
 just test <args>
-docker compose down mssql
+just docker/mssql-stop
 ```
 
 Or run the tests in a local docker container with:
 ```bash
-just test-docker
+just docker/test
 ```
 
 ## Running locally
@@ -41,10 +105,10 @@ To run the commands as they would be run in production, you could:
 
 ```bash
 # build the image
-docker build . -t tpp-database-utils
+just docker/build prod
 
 # start a db server:
-docker compose up mssql
+just docker/mssql-run
 
 # run a command
 export DATABASE_URL='mssql://SA:Your_password123!@localhost:15785/Test_OpenCorona'

docker/.env

@@ -0,0 +1,16 @@
+# Default test docker db url
+DATABASE_URL="mssql://SA:Your_password123!@mssql:1433/Test_OpenCorona"
+TEMP_DATABASE_NAME="OPENCoronaTempTables"
+# nb. this is not provided by default in the production environment
+# TPP_MAINTENANCE_START_EVENT="Swap Tables,CodedEvent_SNOMED"
+
+COMPOSE_PROJECT_NAME=tpp-database-utils
+
+# enable modern docker build features
+DOCKER_BUILDKIT=1
+COMPOSE_DOCKER_CLI_BUILD=1
+
+# The ubuntu version the docker image will use
+UBUNTU_VERSION=22.04
+# The uv version the docker image will use
+UV_VERSION=0.9