Always show prune cache output (#597)

Bumps
[zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action)
from 0.1.2 to 0.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/zizmorcore/zizmor-action/releases">zizmorcore/zizmor-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat: add support for <code>color</code> input by <a
href="https://github.com/birjj"><code>@​birjj</code></a> in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/37">zizmorcore/zizmor-action#37</a></li>
<li>Adding option for GitHub annotations by <a
href="https://github.com/abdelq"><code>@​abdelq</code></a> in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/45">zizmorcore/zizmor-action#45</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/birjj"><code>@​birjj</code></a> made
their first contribution in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/37">zizmorcore/zizmor-action#37</a></li>
<li><a href="https://github.com/abdelq"><code>@​abdelq</code></a> made
their first contribution in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/45">zizmorcore/zizmor-action#45</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/zizmorcore/zizmor-action/compare/v0.1.2...v0.2.0">https://github.com/zizmorcore/zizmor-action/compare/v0.1.2...v0.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e673c3917a"><code>e673c39</code></a>
Adding option for GitHub annotations (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/45">#45</a>)</li>
<li><a
href="2d5a33f24d"><code>2d5a33f</code></a>
chore: add missing license (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/44">#44</a>)</li>
<li><a
href="a016d81e77"><code>a016d81</code></a>
chore(deps): bump github/codeql-action in the github-actions group (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/39">#39</a>)</li>
<li><a
href="a8fb1d7e7d"><code>a8fb1d7</code></a>
feat: add support for <code>color</code> input (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/37">#37</a>)</li>
<li><a
href="09680325f5"><code>0968032</code></a>
chore(deps): bump the github-actions group with 2 updates (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/35">#35</a>)</li>
<li><a
href="7f2abfff74"><code>7f2abff</code></a>
README: bump pins (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/33">#33</a>)</li>
<li>See full diff in <a
href="5ca5fc7a47...e673c3917a">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmorcore/zizmor-action&package-manager=github_actions&previous-version=0.1.2&new-version=0.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/python.json

@@ -4,13 +4,13 @@
       "owner": "python",
       "pattern": [
         {
-          "regexp": "^\\s*File\\s\\\"(.*)\\\",\\sline\\s(\\d+),\\sin\\s(.*)$",
           "file": 1,
-          "line": 2
+          "line": 2,
+          "regexp": "^\\s*File\\s\\\"(.*)\\\",\\sline\\s(\\d+),\\sin\\s(.*)$"
         },
         {
-          "regexp": "^\\s*raise\\s(.*)\\(\\'(.*)\\'\\)$",
-          "message": 2
+          "message": 2,
+          "regexp": "^\\s*raise\\s(.*)\\(\\'(.*)\\'\\)$"
         }
       ]
     }

.github/workflows/codeql-analysis.yml

@@ -21,6 +21,8 @@ on:
     branches:
       - main
 
+permissions: {}
+
 jobs:
   analyze:
     name: Analyze
@@ -39,11 +41,13 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
         with:
           languages: ${{ matrix.language }}
           source-root: src
@@ -55,7 +59,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -69,4 +73,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3

.github/workflows/release-drafter.yml

@@ -8,6 +8,8 @@ on:
     branches:
       - main
 
+permissions: {}
+
 jobs:
   update_release_draft:
     name: ✏️ Draft release
@@ -17,6 +19,6 @@ jobs:
       pull-requests: read
     steps:
       - name: 🚀 Run Release Drafter
-        uses: release-drafter/release-drafter@v6.1.0
+        uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5 # v6.1.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/test.yml

@@ -18,11 +18,17 @@ permissions:
 jobs:
   lint:
     runs-on: ubuntu-latest
+    permissions:
+      security-events: write # for zizmor
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Actionlint
         uses: eifinger/actionlint-action@23c85443d840cd73bbecb9cddfc933cc21649a38  # v1.9.1
-      - uses: actions/setup-node@v4
+      - name: Run zizmor
+        uses: zizmorcore/zizmor-action@e673c3917a1aef3c65c972347ed84ccd013ecda4 # v0.2.0
+      - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
         with:
           node-version: "20"
       - run: |
@@ -44,7 +50,9 @@ jobs:
       matrix:
         os: [ubuntu-latest, macos-latest, macos-14, windows-latest]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Install latest version
         id: setup-uv
         uses: ./
@@ -52,9 +60,17 @@ jobs:
         working-directory: __tests__/fixtures/uv-project
         shell: bash
       - name: Check uv-path is set
-        run: ${{ steps.setup-uv.outputs.uv-path }} --version
+        run: |
+          "${UV_PATH}" --version
+        shell: bash
+        env:
+          UV_PATH: ${{ steps.setup-uv.outputs.uv-path }}
       - name: Check uvx-path is set
-        run: ${{ steps.setup-uv.outputs.uvx-path }} --version
+        run: |
+          "${UVX_PATH}" --version
+        shell: bash
+        env:
+          UVX_PATH: ${{ steps.setup-uv.outputs.uvx-path }}
 
   test-specific-version:
     runs-on: ubuntu-latest
@@ -62,7 +78,9 @@ jobs:
       matrix:
         uv-version: ["0.3.0", "0.3.2", "0.3", "0.3.x", ">=0.3.0"]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Install version ${{ matrix.uv-version }}
         uses: ./
         with:
@@ -76,7 +94,9 @@ jobs:
         os: [ ubuntu-latest, selfhosted-ubuntu-arm64 ]
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Install version 0.3
         id: setup-uv
         uses: ./
@@ -99,7 +119,9 @@ jobs:
   test-pep440-version:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Install version 0.4.30
         id: setup-uv
         uses: ./
@@ -115,7 +137,9 @@ jobs:
   test-pyproject-file-version:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Install version 0.5.14
         id: setup-uv
         uses: ./
@@ -131,7 +155,9 @@ jobs:
   test-malformed-pyproject-file-fallback:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Install using malformed pyproject.toml
         id: setup-uv
         uses: ./
@@ -142,7 +168,9 @@ jobs:
   test-uv-file-version:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Install version 0.5.15
         id: setup-uv
         uses: ./
@@ -155,6 +183,60 @@ jobs:
             exit 1
           fi
 
+  test-version-file-version:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+      - name: Install from requirements file
+        id: setup-uv
+        uses: ./
+        with:
+          version-file: "__tests__/fixtures/uv-in-requirements-txt-project/requirements.txt"
+      - name: Correct version gets installed
+        run: |
+          if [ "$(uv --version)" != "uv 0.6.17" ]; then
+            echo "Wrong uv version: $(uv --version)"
+            exit 1
+          fi
+
+  test-version-file-hash-version:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+      - name: Install from requirements file
+        id: setup-uv
+        uses: ./
+        with:
+          version-file: "__tests__/fixtures/uv-in-requirements-hash-txt-project/requirements.txt"
+      - name: Correct version gets installed
+        run: |
+          if [ "$(uv --version)" != "uv 0.8.3" ]; then
+            echo "Wrong uv version: $(uv --version)"
+            exit 1
+          fi
+
+  test-tool-versions-file-version:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+      - name: Install from .tools-versions file
+        id: setup-uv
+        uses: ./
+        with:
+          version-file: "__tests__/fixtures/.tool-versions"
+      - name: Correct version gets installed
+        run: |
+          if [ "$(uv --version)" != "uv 0.5.15" ]; then
+            echo "Wrong uv version: $(uv --version)"
+            exit 1
+          fi
+
   test-checksum:
     runs-on: ${{ matrix.inputs.os }}
     strategy:
@@ -165,7 +247,9 @@ jobs:
           - os: macos-latest
             checksum: "a70cbfbf3bb5c08b2f84963b4f12c94e08fbb2468ba418a3bfe1066fbe9e7218"
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Checksum matches expected
         uses: ./
         with:
@@ -177,7 +261,9 @@ jobs:
   test-with-explicit-token:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Install default version
         uses: ./
         with:
@@ -188,7 +274,9 @@ jobs:
   test-uvx:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Install default version
         uses: ./
       - run: uvx ruff --version
@@ -205,7 +293,9 @@ jobs:
             windows-latest,
           ]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Install default version
         uses: ./
       - run: uv tool install ruff
@@ -214,7 +304,9 @@ jobs:
   test-tilde-expansion-tool-dirs:
     runs-on: selfhosted-ubuntu-arm64
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Setup with cache
         uses: ./
         with:
@@ -237,7 +329,9 @@ jobs:
       matrix:
         os: [ubuntu-latest, macos-latest, windows-latest]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Install latest version
         uses: ./
         with:
@@ -258,7 +352,9 @@ jobs:
       matrix:
         os: [ ubuntu-latest, macos-latest, windows-latest ]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Install latest version
         uses: ./
         with:
@@ -279,7 +375,9 @@ jobs:
     runs-on: ubuntu-latest
     container: alpine
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Install latest version
         uses: ./
       - run: uv sync
@@ -292,7 +390,9 @@ jobs:
         enable-cache: [ "true", "false", "auto" ]
         os: [ "ubuntu-latest", "selfhosted-ubuntu-arm64", "windows-latest" ]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Setup with cache
         uses: ./
         with:
@@ -309,7 +409,9 @@ jobs:
         os: [ "ubuntu-latest", "selfhosted-ubuntu-arm64", "windows-latest" ]
     needs: test-setup-cache
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Restore with cache
         id: restore
         uses: ./
@@ -341,7 +443,9 @@ jobs:
   test-setup-cache-requirements-txt:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Setup with cache
         uses: ./
         with:
@@ -353,9 +457,11 @@ jobs:
         working-directory: __tests__/fixtures/requirements-txt-project
   test-restore-cache-requirements-txt:
     runs-on: ubuntu-latest
-    needs: test-setup-cache
+    needs: test-setup-cache-requirements-txt
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Restore with cache
         id: restore
         uses: ./
@@ -377,7 +483,9 @@ jobs:
   test-setup-cache-dependency-glob:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Setup with cache
         uses: ./
         with:
@@ -392,7 +500,9 @@ jobs:
     runs-on: ubuntu-latest
     needs: test-setup-cache-dependency-glob
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Change pyproject.toml
         run: |
           echo '[tool.uv]' >> __tests__/fixtures/uv-project/pyproject.toml
@@ -415,6 +525,78 @@ jobs:
         env:
           CACHE_HIT: ${{ steps.restore.outputs.cache-hit }}
 
+  test-setup-cache-save-cache-false:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+      - name: Setup with cache
+        uses: ./
+        with:
+          enable-cache: true
+          save-cache: false
+          cache-suffix: ${{ github.run_id }}-${{ github.run_attempt }}-test-setup-cache-save-cache-false
+      - run: uv sync
+        working-directory: __tests__/fixtures/uv-project
+        shell: bash
+  test-restore-cache-save-cache-false:
+    runs-on: ubuntu-latest
+    needs: test-setup-cache-save-cache-false
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+      - name: Restore with cache
+        id: restore
+        uses: ./
+        with:
+          enable-cache: true
+          cache-suffix: ${{ github.run_id }}-${{ github.run_attempt }}-test-setup-cache-save-cache-false
+      - name: Cache was not hit
+        run: |
+          if [ "$CACHE_HIT" == "true" ]; then
+            exit 1
+          fi
+        env:
+          CACHE_HIT: ${{ steps.restore.outputs.cache-hit }}
+
+  test-setup-cache-restore-cache-false:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+      - name: Setup with cache
+        uses: ./
+        with:
+          enable-cache: true
+          cache-suffix: ${{ github.run_id }}-${{ github.run_attempt }}-test-setup-cache-restore-cache-false
+      - run: uv sync
+        working-directory: __tests__/fixtures/uv-project
+        shell: bash
+  test-restore-cache-restore-cache-false:
+    runs-on: ubuntu-latest
+    needs: test-setup-cache-restore-cache-false
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+      - name: Restore with cache
+        id: restore
+        uses: ./
+        with:
+          enable-cache: true
+          restore-cache: false
+          cache-suffix: ${{ github.run_id }}-${{ github.run_attempt }}-test-setup-cache-restore-cache-false
+      - name: Cache was not hit
+        run: |
+          if [ "$CACHE_HIT" == "true" ]; then
+            exit 1
+          fi
+        env:
+          CACHE_HIT: ${{ steps.restore.outputs.cache-hit }}
+
   test-cache-local:
     strategy:
       matrix:
@@ -427,7 +609,9 @@ jobs:
             expected-cache-dir: "/home/ubuntu/.cache/uv"
     runs-on: ${{ matrix.inputs.os }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Setup with cache
         uses: ./
         with:
@@ -442,7 +626,9 @@ jobs:
   test-setup-cache-local:
     runs-on: selfhosted-ubuntu-arm64
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Setup with cache
         uses: ./
         with:
@@ -455,7 +641,9 @@ jobs:
     runs-on: selfhosted-ubuntu-arm64
     needs: test-setup-cache-local
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Restore with cache
         id: restore
         uses: ./
@@ -476,7 +664,9 @@ jobs:
   test-tilde-expansion-cache-local-path:
     runs-on: selfhosted-ubuntu-arm64
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Create cache directory
         run: mkdir -p ~/uv-cache
         shell: bash
@@ -490,7 +680,9 @@ jobs:
   test-tilde-expansion-cache-dependency-glob:
     runs-on: selfhosted-ubuntu-arm64
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Create cache directory
         run: mkdir -p ~/uv-cache
         shell: bash
@@ -523,7 +715,9 @@ jobs:
   test-no-python-version:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Fake pyproject.toml at root
         run: cp __tests__/fixtures/old-python-constraint-project/pyproject.toml pyproject.toml
       - name: Setup with cache
@@ -536,7 +730,9 @@ jobs:
   test-custom-manifest-file:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Install from custom manifest file
         uses: ./
         with:
@@ -550,6 +746,50 @@ jobs:
             exit 1
           fi
 
+  test-absolute-path:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+      - name: Create requirements.txt
+        run: echo "uv==0.6.17" > /tmp/setup-uv-requirements.txt
+      - name: Install from requirements file
+        id: setup-uv
+        uses: ./
+        with:
+          version-file: "/tmp/setup-uv-requirements.txt"
+      - name: Correct version gets installed
+        run: |
+          if [ "$(uv --version)" != "uv 0.6.17" ]; then
+            echo "Wrong uv version: $(uv --version)"
+            exit 1
+          fi
+
+  test-relative-path:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+      - name: mkdir
+        run: mkdir -p /tmp/setup-uv-test-relative-path
+      - name: Create requirements.txt
+        run: echo "uv==0.6.17" > /tmp/setup-uv-test-relative-path/setup-uv-requirements.txt
+      - name: Install from requirements file
+        id: setup-uv
+        uses: ./
+        with:
+          version-file: "./setup-uv-requirements.txt"
+          working-directory: "/tmp/setup-uv-test-relative-path"
+          cache-dependency-glob: "./setup-uv-requirements.txt"
+      - name: Correct version gets installed
+        run: |
+          if [ "$(uv --version)" != "uv 0.6.17" ]; then
+            echo "Wrong uv version: $(uv --version)"
+            exit 1
+          fi
+
   all-tests-passed:
     runs-on: ubuntu-latest
     needs:
@@ -561,6 +801,9 @@ jobs:
       - test-pyproject-file-version
       - test-malformed-pyproject-file-fallback
       - test-uv-file-version
+      - test-version-file-version
+      - test-version-file-hash-version
+      - test-tool-versions-file-version
       - test-checksum
       - test-with-explicit-token
       - test-uvx
@@ -576,6 +819,10 @@ jobs:
       - test-restore-cache-requirements-txt
       - test-setup-cache-dependency-glob
       - test-restore-cache-dependency-glob
+      - test-setup-cache-save-cache-false
+      - test-restore-cache-save-cache-false
+      - test-setup-cache-restore-cache-false
+      - test-restore-cache-restore-cache-false
       - test-setup-cache-local
       - test-restore-cache-local
       - test-tilde-expansion-cache-local-path
@@ -583,6 +830,8 @@ jobs:
       - cleanup-tilde-expansion-tests
       - test-no-python-version
       - test-custom-manifest-file
+      - test-absolute-path
+      - test-relative-path
     if: always()
     steps:
       - name: All tests passed

.github/workflows/update-known-versions.yml

@@ -3,16 +3,21 @@ on:
   workflow_dispatch:
   schedule:
     - cron: "0 4 * * *" # Run every day at 4am UTC
+  repository_dispatch:
+    types: [ pypi_release ]
+
+permissions: {}
 
 jobs:
   build:
     runs-on: ubuntu-24.04-arm
     permissions:
       contents: write
-      pull-requests: write
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: true
+      - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
         with:
           node-version: "20"
       - name: Update known versions
@@ -22,18 +27,25 @@ jobs:
           src/download/checksum/known-checksums.ts
           version-manifest.json
           ${{ secrets.GITHUB_TOKEN }}
-      - run: npm install && npm run all
-      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
-        with:
-          commit-message: "chore: update known versions"
-          title:
-            "chore: update known versions for ${{
-            steps.update-known-versions.outputs.latest-version }}"
-          body:
-            "chore: update known versions for ${{
-            steps.update-known-versions.outputs.latest-version }}"
-          base: main
-          labels: "automated-pr,update-known-versions"
-          branch: update-known-versions-pr
-          delete-branch: true
+      - name: Check for changes
+        id: changes_exist
+        run: |
+          git status --porcelain
+          if [ -n "$(git status --porcelain)" ]; then
+              echo "changes_exist=true" >> "$GITHUB_OUTPUT"
+          else
+              echo "changes_exist=false" >> "$GITHUB_OUTPUT"
+          fi
+      - name: Compile changes
+        if: ${{ steps.changes_exist.outputs.changes_exist == 'true' }}
+        run: npm ci && npm run all
+      - name: Commit and push changes
+        if: ${{ steps.changes_exist.outputs.changes_exist == 'true' }}
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+          git add .
+          git commit -m "chore: update known versions for $LATEST_VERSION"
+          git push origin HEAD:refs/heads/main
+        env:
+          LATEST_VERSION: ${{ steps.update-known-versions.outputs.latest-version }}

.github/workflows/update-major-minor-tags.yml

@@ -8,6 +8,8 @@ on:
     tags:
       - "v*.*.*"
 
+permissions: {}
+
 jobs:
   update_major_minor_tags:
     name: Make sure major and minor tags are up to date on a patch release
@@ -15,7 +17,9 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: true # needed for git push below
       - name: Update Major Minor Tags
         run: |
           set -x

.vscode/extensions.json

@@ -0,0 +1,3 @@
+{
+  "recommendations": ["biomejs.biome"]
+}

.vscode/settings.json

@@ -0,0 +1,16 @@
+{
+  "editor.codeActionsOnSave": {
+    "source.action.useSortedAttributes.biome": "explicit",
+    "source.action.useSortedKeys.biome": "explicit",
+    "source.fixAll.biome": "explicit"
+  },
+  "editor.defaultFormatter": "biomejs.biome",
+  "editor.formatOnSave": true,
+  "explorer.excludeGitIgnore": false,
+  "search.defaultViewMode": "list",
+  "search.exclude": {
+    "**/node_modules": true
+  },
+  "typescript.enablePromptUseWorkspaceTsdk": true,
+  "typescript.tsdk": "node_modules/typescript/lib"
+}

README.md

@@ -15,12 +15,15 @@ Set up your GitHub Actions workflow with a specific version of [uv](https://docs
   - [Install the latest version](#install-the-latest-version)
   - [Install a specific version](#install-a-specific-version)
   - [Install a version by supplying a semver range or pep440 specifier](#install-a-version-by-supplying-a-semver-range-or-pep440-specifier)
+  - [Install a version defined in a requirements or config file](#install-a-version-defined-in-a-requirements-or-config-file)
   - [Python version](#python-version)
   - [Activate environment](#activate-environment)
   - [Working directory](#working-directory)
   - [Validate checksum](#validate-checksum)
   - [Enable Caching](#enable-caching)
     - [Cache dependency glob](#cache-dependency-glob)
+    - [Restore cache](#restore-cache)
+    - [Save cache](#save-cache)
   - [Local cache path](#local-cache-path)
   - [Disable cache pruning](#disable-cache-pruning)
   - [Ignore nothing to cache](#ignore-nothing-to-cache)
@@ -29,6 +32,7 @@ Set up your GitHub Actions workflow with a specific version of [uv](https://docs
   - [UV_TOOL_BIN_DIR](#uv_tool_bin_dir)
   - [Tilde Expansion](#tilde-expansion)
   - [Manifest file](#manifest-file)
+  - [Add problem matchers](#add-problem-matchers)
 - [How it works](#how-it-works)
 - [FAQ](#faq)
 
@@ -92,6 +96,21 @@ to install the latest version that satisfies the range.
     version: ">=0.4.25,<0.5"
 ```
 
+### Install a version defined in a requirements or config file
+
+You can use the `version-file` input to specify a file that contains the version of uv to install.
+This can either be a `pyproject.toml` or `uv.toml` file which defines a `required-version` or
+uv defined as a dependency in `pyproject.toml` or `requirements.txt`.
+
+[asdf](https://asdf-vm.com/) `.tool-versions` is also supported, but without the `ref` syntax.
+
+```yaml
+- name: Install uv based on the version defined in pyproject.toml
+  uses: astral-sh/setup-uv@v6
+  with:
+    version-file: "pyproject.toml"
+```
+
 ### Python version
 
 You can use the input `python-version` to set the environment variable `UV_PYTHON` for the rest of your workflow
@@ -106,7 +125,7 @@ This will override any python version specifications in `pyproject.toml` and `.p
 - run: uv pip install --python=3.13t pip
 ```
 
-You can combine this with a matrix to test multiple python versions:
+You can combine this with a matrix to test multiple Python versions:
 
 ```yaml
 jobs:
@@ -114,9 +133,9 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.9", "3.10", "3.11", "3.12"]
+        python-version: ["3.10", "3.11", "3.12", "3.13"]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Install the latest version of uv and set the python version
         uses: astral-sh/setup-uv@v6
         with:
@@ -179,6 +198,10 @@ are automatically verified by this action. The sha256 hashes can be found on the
 
 ### Enable caching
 
+> [!NOTE]
+> The cache is pruned before it is uploaded to the GitHub Actions cache. This can lead to
+> a small or empty cache. See [Disable cache pruning](#disable-cache-pruning) for more details.
+
 If you enable caching, the [uv cache](https://docs.astral.sh/uv/concepts/cache/) will be uploaded to
 the GitHub Actions cache. This can speed up runs that reuse the cache by several minutes.
 Caching is enabled by default on GitHub-hosted runners.
@@ -227,6 +250,7 @@ changes. If you use relative paths, they are relative to the repository root.
 >   **/*constraints*.in
 >   **/pyproject.toml
 >   **/uv.lock
+>   **/*.py.lock
 > ```
 
 ```yaml
@@ -263,6 +287,33 @@ changes. If you use relative paths, they are relative to the repository root.
     cache-dependency-glob: ""
 ```
 
+#### Restore cache
+
+Restoring an existing cache can be enabled or disabled with the `restore-cache` input.
+By default, the cache will be restored.
+
+```yaml
+- name: Don't restore an existing cache
+  uses: astral-sh/setup-uv@v6
+  with:
+    enable-cache: true
+    restore-cache: false
+```
+
+#### Save cache
+
+You can also disable saving the cache after the run with the `save-cache` input.
+This can be useful to save cache storage when you know you will not use the cache of the run again.
+By default, the cache will be saved.
+
+```yaml
+- name: Don't save the cache after the run
+  uses: astral-sh/setup-uv@v6
+  with:
+    enable-cache: true
+    save-cache: false
+```
+
 ### Local cache path
 
 This action controls where uv stores its cache on the runner's filesystem by setting `UV_CACHE_DIR`.
@@ -382,6 +433,7 @@ If you want to change this behaviour (especially on self-hosted runners) you can
 
 This action supports expanding the `~` character to the user's home directory for the following inputs:
 
+- `version-file`
 - `cache-local-path`
 - `tool-dir`
 - `tool-bin-dir`
@@ -435,6 +487,21 @@ This is useful if you maintain your own uv builds or want to override the defaul
 > This means the action will install the latest version available in the custom manifest file.
 > This is different from the default behavior of installing the latest version from the official uv releases.
 
+### Add problem matchers
+
+This action automatically adds
+[problem matchers](https://github.com/actions/toolkit/blob/main/docs/problem-matchers.md)
+for python errors.
+
+You can disable this by setting the `add-problem-matchers` input to `false`.
+
+```yaml
+- name: Install the latest version of uv without problem matchers
+  uses: astral-sh/setup-uv@v6
+  with:
+    add-problem-matchers: false
+```
+
 ## How it works
 
 This action downloads uv from the uv repo's official

__tests__/download/checksum/checksum.test.ts

@@ -1,4 +1,4 @@
-import { expect, test, it } from "@jest/globals";
+import { expect, it, test } from "@jest/globals";
 import {
   isknownVersion,
   validateChecksum,
@@ -22,12 +22,12 @@ type KnownVersionFixture = { version: string; known: boolean };
 
 it.each<KnownVersionFixture>([
   {
-    version: "0.3.0",
     known: true,
+    version: "0.3.0",
   },
   {
-    version: "0.0.15",
     known: false,
+    version: "0.0.15",
   },
 ])(
   "isknownVersion should return $known for version $version",

__tests__/download/custom-manifest.json

@@ -1,9 +1,9 @@
 [
   {
-    "version": "0.7.12-alpha.1",
-    "artifactName": "uv-x86_64-unknown-linux-gnu.tar.gz",
     "arch": "x86_64",
+    "artifactName": "uv-x86_64-unknown-linux-gnu.tar.gz",
+    "downloadUrl": "https://release.pyx.dev/0.7.12-alpha.1/uv-x86_64-unknown-linux-gnu.tar.gz",
     "platform": "unknown-linux-gnu",
-    "downloadUrl": "https://release.pyx.dev/0.7.12-alpha.1/uv-x86_64-unknown-linux-gnu.tar.gz"
+    "version": "0.7.12-alpha.1"
   }
 ]

__tests__/fixtures/.tool-versions

@@ -0,0 +1 @@
+uv 0.5.15

__tests__/fixtures/uv-in-requirements-hash-txt-project/hello_world.py

@@ -0,0 +1 @@
+print("Hello world")

__tests__/fixtures/uv-in-requirements-hash-txt-project/requirements.txt

@@ -0,0 +1,33 @@
+# This file was autogenerated by uv via the following command:
+#    uv pip compile --generate-hashes - -o ex-requirements.txt
+click==8.2.1 \
+    --hash=sha256:27c491cc05d968d271d5a1db13e3b5a184636d9d930f148c50b038f0d0646202 \
+    --hash=sha256:61a3265b914e850b85317d0b3109c7f8cd35a670f963866005d6ef1d5175a12b
+    # via uvicorn
+h11==0.16.0 \
+    --hash=sha256:4e35b956cf45792e4caa5885e69fba00bdbc6ffafbfa020300e549b208ee5ff1 \
+    --hash=sha256:63cf8bbe7522de3bf65932fda1d9c2772064ffb3dae62d55932da54b31cb6c86
+    # via uvicorn
+uv==0.8.3 \
+    --hash=sha256:1121ad1c9389b865d029385031d3fd7d90d343c92a2149a4d4aa20bf469cb27f \
+    --hash=sha256:17bcdb0615e37cc5f985f7d7546f755ac6343c1dc8bbe876c892437f14f8f904 \
+    --hash=sha256:2ccaae4c749126c99f6404d67a0ae1eae29cbafb05603d09094a775061fdf4e5 \
+    --hash=sha256:2e311c029bff2ca07c6ddf877ccc5935cabb78e09b94b53a849542665b6a6fa1 \
+    --hash=sha256:391c97577048a40fd8c85b370055df6420f26e81df7fa906f0e0ce1aa2af3527 \
+    --hash=sha256:3f904f574dc2d7aa1d96ddf2483480ecd121dc9d060108cadd8bff100b754b64 \
+    --hash=sha256:526f2c3bd6f311ce31f6f7b6b7d818b191f41e76bed3aaab671b716220c02d8f \
+    --hash=sha256:5313ee776ad65731ffa8ac585246f987d3a2bf72e6153c12add1fff22ad6e500 \
+    --hash=sha256:5843cc43bafad05cc710d8e31bd347ee37202462a63d32c30746e9df48cfbda2 \
+    --hash=sha256:76de331a07e5ae9b6490e70a9439a072b91b3167a5684510af10c2752c4ece9a \
+    --hash=sha256:8486f7576d15cc73509f93f47b3190f44701ea36839906369301b58c8604d5db \
+    --hash=sha256:8b16f1bddfdf8f7470924ab34a7b55e4c372d5340c7c1e47e7fc84a743dc541f \
+    --hash=sha256:966ec7d7f57521fef0fee685d71e183c9cafb358ddcfe27519dfeaf40550f247 \
+    --hash=sha256:989898caeb6e972979543b57547d1c28ab8af81ff8fc15921fd354c17d432749 \
+    --hash=sha256:9ce7981f4fbeecf93dc5cf0a5a7915e84956fd99ad3ac977c048fe0cfdb1a17e \
+    --hash=sha256:ad13453ab0a1dfa64a221aac8f52199efdcaa52c97134fffd7bcebed794a6f4b \
+    --hash=sha256:ae7efe91dcfc24126fa91e0fb69a1daf6c0e494a781ba192bb0cc62d7ab623ee \
+    --hash=sha256:daa6e0d657a94f20e962d4a03d833ef7af5c8e51b7c8a2d92ba6cf64a4c07ac1 \
+    --hash=sha256:f1eb7c896fc0d80ed534748aaf46697b6ebc8ce401f1c51666ce0b9923c3db9a
+uvicorn==0.35.0 \
+    --hash=sha256:197535216b25ff9b785e29a0b79199f55222193d47f820816e7da751e9bc8d4a \
+    --hash=sha256:bc662f087f7cf2ce11a1d7fd70b90c9f98ef2e2831556dd078d131b96cc94a01

__tests__/fixtures/uv-in-requirements-txt-project/hello_world.py

@@ -0,0 +1 @@
+print("Hello world")

__tests__/fixtures/uv-in-requirements-txt-project/requirements.txt

@@ -0,0 +1,2 @@
+uvicorn==0.35.0
+uv==0.6.17

__tests__/utils/inputs.test.ts

@@ -0,0 +1,86 @@
+jest.mock("@actions/core", () => {
+  return {
+    debug: jest.fn(),
+    getBooleanInput: jest.fn(
+      (name: string) => (mockInputs[name] ?? "") === "true",
+    ),
+    getInput: jest.fn((name: string) => mockInputs[name] ?? ""),
+  };
+});
+
+import {
+  afterEach,
+  beforeEach,
+  describe,
+  expect,
+  it,
+  jest,
+} from "@jest/globals";
+
+// Will be mutated per test before (re-)importing the module under test
+let mockInputs: Record<string, string> = {};
+const ORIGINAL_HOME = process.env.HOME;
+
+describe("cacheDependencyGlob", () => {
+  beforeEach(() => {
+    jest.resetModules();
+    mockInputs = {};
+    process.env.HOME = "/home/testuser";
+  });
+
+  afterEach(() => {
+    process.env.HOME = ORIGINAL_HOME;
+  });
+
+  it("returns empty string when input not provided", async () => {
+    mockInputs["working-directory"] = "/workspace";
+    const { cacheDependencyGlob } = await import("../../src/utils/inputs");
+    expect(cacheDependencyGlob).toBe("");
+  });
+
+  it("resolves a single relative path", async () => {
+    mockInputs["working-directory"] = "/workspace";
+    mockInputs["cache-dependency-glob"] = "requirements.txt";
+    const { cacheDependencyGlob } = await import("../../src/utils/inputs");
+    expect(cacheDependencyGlob).toBe("/workspace/requirements.txt");
+  });
+
+  it("strips leading ./ from relative path", async () => {
+    mockInputs["working-directory"] = "/workspace";
+    mockInputs["cache-dependency-glob"] = "./uv.lock";
+    const { cacheDependencyGlob } = await import("../../src/utils/inputs");
+    expect(cacheDependencyGlob).toBe("/workspace/uv.lock");
+  });
+
+  it("handles multiple lines, trimming whitespace, tilde expansion and absolute paths", async () => {
+    mockInputs["working-directory"] = "/workspace";
+    mockInputs["cache-dependency-glob"] =
+      "  ~/.cache/file1\n ./rel/file2  \nfile3.txt";
+    const { cacheDependencyGlob } = await import("../../src/utils/inputs");
+    expect(cacheDependencyGlob).toBe(
+      [
+        "/home/testuser/.cache/file1", // expanded tilde, absolute path unchanged
+        "/workspace/rel/file2", // ./ stripped and resolved
+        "/workspace/file3.txt", // relative path resolved
+      ].join("\n"),
+    );
+  });
+
+  it("keeps absolute path unchanged in multiline input", async () => {
+    mockInputs["working-directory"] = "/workspace";
+    mockInputs["cache-dependency-glob"] = "/abs/path.lock\nrelative.lock";
+    const { cacheDependencyGlob } = await import("../../src/utils/inputs");
+    expect(cacheDependencyGlob).toBe(
+      ["/abs/path.lock", "/workspace/relative.lock"].join("\n"),
+    );
+  });
+
+  it("handles exclusions in relative paths correct", async () => {
+    mockInputs["working-directory"] = "/workspace";
+    mockInputs["cache-dependency-glob"] = "!/abs/path.lock\n!relative.lock";
+    const { cacheDependencyGlob } = await import("../../src/utils/inputs");
+    expect(cacheDependencyGlob).toBe(
+      ["!/abs/path.lock", "!/workspace/relative.lock"].join("\n"),
+    );
+  });
+});

__tests__/version/requirements-file.test.ts

@@ -0,0 +1,9 @@
+import { expect, test } from "@jest/globals";
+import { getUvVersionFromFile } from "../../src/version/resolve";
+
+test("ignores dependencies starting with uv", async () => {
+  const parsedVersion = getUvVersionFromFile(
+    "__tests__/fixtures/uv-in-requirements-txt-project/requirements.txt",
+  );
+  expect(parsedVersion).toBe("0.6.17");
+});

__tests__/version/requirements-hashes-file.test.ts

@@ -0,0 +1,9 @@
+import { expect, test } from "@jest/globals";
+import { getUvVersionFromFile } from "../../src/version/resolve";
+
+test("ignores dependencies starting with uv", async () => {
+  const parsedVersion = getUvVersionFromFile(
+    "__tests__/fixtures/uv-in-requirements-hash-txt-project/requirements.txt",
+  );
+  expect(parsedVersion).toBe("0.8.3");
+});

__tests__/version/tool-versions-file.test.ts

@@ -0,0 +1,115 @@
+jest.mock("node:fs");
+jest.mock("@actions/core", () => ({
+  warning: jest.fn(),
+}));
+
+import fs from "node:fs";
+import * as core from "@actions/core";
+import { beforeEach, describe, expect, it, jest } from "@jest/globals";
+import { getUvVersionFromToolVersions } from "../../src/version/tool-versions-file";
+
+const mockedFs = fs as jest.Mocked<typeof fs>;
+const mockedCore = core as jest.Mocked<typeof core>;
+
+describe("getUvVersionFromToolVersions", () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it("should return undefined for non-.tool-versions files", () => {
+    const result = getUvVersionFromToolVersions("package.json");
+    expect(result).toBeUndefined();
+    expect(mockedFs.readFileSync).not.toHaveBeenCalled();
+  });
+
+  it("should return version for valid uv entry", () => {
+    const fileContent = "python 3.11.0\nuv 0.1.0\nnodejs 18.0.0";
+    mockedFs.readFileSync.mockReturnValue(fileContent);
+
+    const result = getUvVersionFromToolVersions(".tool-versions");
+
+    expect(result).toBe("0.1.0");
+    expect(mockedFs.readFileSync).toHaveBeenCalledWith(
+      ".tool-versions",
+      "utf8",
+    );
+  });
+
+  it("should return version for uv entry with v prefix", () => {
+    const fileContent = "uv v0.2.0";
+    mockedFs.readFileSync.mockReturnValue(fileContent);
+
+    const result = getUvVersionFromToolVersions(".tool-versions");
+
+    expect(result).toBe("0.2.0");
+  });
+
+  it("should handle whitespace around uv entry", () => {
+    const fileContent = "  uv   0.3.0  ";
+    mockedFs.readFileSync.mockReturnValue(fileContent);
+
+    const result = getUvVersionFromToolVersions(".tool-versions");
+
+    expect(result).toBe("0.3.0");
+  });
+
+  it("should skip commented lines", () => {
+    const fileContent = "# uv 0.1.0\npython 3.11.0\nuv 0.2.0";
+    mockedFs.readFileSync.mockReturnValue(fileContent);
+
+    const result = getUvVersionFromToolVersions(".tool-versions");
+
+    expect(result).toBe("0.2.0");
+  });
+
+  it("should return first matching uv version", () => {
+    const fileContent = "uv 0.1.0\npython 3.11.0\nuv 0.2.0";
+    mockedFs.readFileSync.mockReturnValue(fileContent);
+
+    const result = getUvVersionFromToolVersions(".tool-versions");
+
+    expect(result).toBe("0.1.0");
+  });
+
+  it("should return undefined when no uv entry found", () => {
+    const fileContent = "python 3.11.0\nnodejs 18.0.0";
+    mockedFs.readFileSync.mockReturnValue(fileContent);
+
+    const result = getUvVersionFromToolVersions(".tool-versions");
+
+    expect(result).toBeUndefined();
+  });
+
+  it("should return undefined for empty file", () => {
+    mockedFs.readFileSync.mockReturnValue("");
+
+    const result = getUvVersionFromToolVersions(".tool-versions");
+
+    expect(result).toBeUndefined();
+  });
+
+  it("should warn and return undefined for ref syntax", () => {
+    const fileContent = "uv ref:main";
+    mockedFs.readFileSync.mockReturnValue(fileContent);
+
+    const result = getUvVersionFromToolVersions(".tool-versions");
+
+    expect(result).toBeUndefined();
+    expect(mockedCore.warning).toHaveBeenCalledWith(
+      "The ref syntax of .tool-versions is not supported. Please use a released version instead.",
+    );
+  });
+
+  it("should handle file path with .tool-versions extension", () => {
+    const fileContent = "uv 0.1.0";
+    mockedFs.readFileSync.mockReturnValue(fileContent);
+
+    const result = getUvVersionFromToolVersions("path/to/.tool-versions");
+
+    expect(result).toBe("0.1.0");
+    expect(mockedFs.readFileSync).toHaveBeenCalledWith(
+      "path/to/.tool-versions",
+      "utf8",
+    );
+  });
+});

action.yml

@@ -6,6 +6,9 @@ inputs:
   version:
     description: "The version of uv to install e.g., `0.5.0` Defaults to the version in pyproject.toml or 'latest'."
     default: ""
+  version-file:
+    description: "Path to a file containing the version of uv to install. Defaults to searching for uv.toml and if not found pyproject.toml."
+    default: ""
   python-version:
     description: "The version of Python to set UV_PYTHON to"
     required: false
@@ -41,6 +44,13 @@ inputs:
       **/*constraints*.in
       **/pyproject.toml
       **/uv.lock
+      **/*.py.lock
+  restore-cache:
+    description: "Whether to restore the cache if found."
+    default: "true"
+  save-cache:
+    description: "Whether to save the cache after the run."
+    default: "true"
   cache-suffix:
     description: "Suffix for the cache key"
     required: false
@@ -65,6 +75,9 @@ inputs:
   manifest-file:
     description: "URL to the manifest file containing available versions and download URLs."
     required: false
+  add-problem-matchers:
+    description: "Add problem matchers."
+    default: "true"
 outputs:
   uv-version:
     description: "The installed uv version. Useful when using latest."

biome.json

@@ -1,20 +1,34 @@
 {
-  "$schema": "https://biomejs.dev/schemas/1.9.2/schema.json",
-  "vcs": {
-    "enabled": true,
-    "clientKind": "git",
-    "useIgnoreFile": false
+  "$schema": "https://biomejs.dev/schemas/2.2.4/schema.json",
+  "assist": {
+    "actions": {
+      "source": {
+        "organizeImports": "on",
+        "useSortedAttributes": "on",
+        "useSortedKeys": "on"
+      }
+    }
   },
   "files": {
     "ignoreUnknown": false,
-    "ignore": ["dist", "lib", "node_modules"]
+    "includes": [
+      "**",
+      "!**/dist",
+      "!**/lib",
+      "!**/node_modules",
+      "!**/package*.json",
+      "!**/known-checksums.*"
+    ]
   },
   "formatter": {
     "enabled": true,
     "indentStyle": "space"
   },
-  "organizeImports": {
-    "enabled": true
+  "javascript": {
+    "formatter": {
+      "quoteStyle": "double",
+      "trailingCommas": "all"
+    }
   },
   "linter": {
     "enabled": true,
@@ -22,10 +36,9 @@
       "recommended": true
     }
   },
-  "javascript": {
-    "formatter": {
-      "quoteStyle": "double",
-      "trailingCommas": "all"
-    }
+  "vcs": {
+    "clientKind": "git",
+    "enabled": true,
+    "useIgnoreFile": false
   }
 }

package.json

@@ -6,14 +6,12 @@
   "main": "dist/index.js",
   "scripts": {
     "build": "tsc",
-    "format": "biome format --fix",
-    "format-check": "biome format",
-    "lint": "biome lint --fix",
+    "check": "biome check --write",
     "package": "ncc build -o dist/setup src/setup-uv.ts && ncc build -o dist/save-cache src/save-cache.ts && ncc build -o dist/update-known-versions src/update-known-versions.ts",
     "test": "jest",
     "act": "act pull_request -W .github/workflows/test.yml --container-architecture linux/amd64 -s GITHUB_TOKEN=\"$(gh auth token)\"",
     "update-known-versions": "RUNNER_TEMP=known_versions node dist/update-known-versions/index.js src/download/checksum/known-versions.ts \"$(gh auth token)\"",
-    "all": "npm run build && npm run format && npm run lint && npm run package && npm test"
+    "all": "npm run build && npm run check && npm run package && npm test"
   },
   "repository": {
     "type": "git",
@@ -23,28 +21,28 @@
   "author": "@eifinger",
   "license": "MIT",
   "dependencies": {
-    "@actions/cache": "^4.0.3",
+    "@actions/cache": "^4.0.5",
     "@actions/core": "^1.11.1",
     "@actions/exec": "^1.1.1",
     "@actions/glob": "^0.5.0",
     "@actions/io": "^1.1.3",
     "@actions/tool-cache": "^2.0.2",
-    "@octokit/core": "^7.0.2",
-    "@octokit/plugin-paginate-rest": "^12.0.0",
-    "@octokit/plugin-rest-endpoint-methods": "^14.0.0",
-    "@renovatebot/pep440": "^4.1.0",
-    "smol-toml": "^1.3.4",
-    "undici": "^7.10.0"
+    "@octokit/core": "^7.0.3",
+    "@octokit/plugin-paginate-rest": "^13.1.1",
+    "@octokit/plugin-rest-endpoint-methods": "^16.0.0",
+    "@renovatebot/pep440": "^4.2.0",
+    "smol-toml": "^1.4.2",
+    "undici": "^7.16.0"
   },
   "devDependencies": {
-    "@biomejs/biome": "1.9.4",
+    "@biomejs/biome": "2.2.4",
     "@types/js-yaml": "^4.0.9",
-    "@types/node": "^22.15.21",
-    "@types/semver": "^7.7.0",
+    "@types/node": "^24.3.1",
+    "@types/semver": "^7.7.1",
     "@vercel/ncc": "^0.38.3",
-    "jest": "^29.7.0",
+    "jest": "^30.1.3",
     "js-yaml": "^4.1.0",
-    "ts-jest": "^29.3.2",
-    "typescript": "^5.8.3"
+    "ts-jest": "^29.4.1",
+    "typescript": "^5.9.2"
   }
 }

src/cache/restore-cache.ts

@@ -1,16 +1,17 @@
 import * as cache from "@actions/cache";
 import * as core from "@actions/core";
+import * as exec from "@actions/exec";
+import { hashFiles } from "../hash/hash-files";
 import {
   cacheDependencyGlob,
   cacheLocalPath,
   cacheSuffix,
   pruneCache,
   pythonVersion as pythonVersionInput,
+  restoreCache as shouldRestoreCache,
   workingDirectory,
 } from "../utils/inputs";
 import { getArch, getPlatform } from "../utils/platforms";
-import { hashFiles } from "../hash/hash-files";
-import * as exec from "@actions/exec";
 
 export const STATE_CACHE_KEY = "cache-key";
 export const STATE_CACHE_MATCHED_KEY = "cache-matched-key";
@@ -18,6 +19,12 @@ const CACHE_VERSION = "1";
 
 export async function restoreCache(): Promise<void> {
   const cacheKey = await computeKeys();
+  core.saveState(STATE_CACHE_KEY, cacheKey);
+
+  if (!shouldRestoreCache) {
+    core.info("restore-cache is false. Skipping restore cache step.");
+    return;
+  }
 
   let matchedKey: string | undefined;
   core.info(
@@ -32,8 +39,6 @@ export async function restoreCache(): Promise<void> {
     return;
   }
 
-  core.saveState(STATE_CACHE_KEY, cacheKey);
-
   handleMatchResult(matchedKey, cacheKey);
 }
 
@@ -67,12 +72,12 @@ async function getPythonVersion(): Promise<string> {
 
   let output = "";
   const options: exec.ExecOptions = {
-    silent: !core.isDebug(),
     listeners: {
       stdout: (data: Buffer) => {
         output += data.toString();
       },
     },
+    silent: !core.isDebug(),
   };
 
   try {

src/download/checksum/checksum.ts

@@ -1,9 +1,9 @@
-import * as fs from "node:fs";
 import * as crypto from "node:crypto";
+import * as fs from "node:fs";
 
 import * as core from "@actions/core";
-import { KNOWN_CHECKSUMS } from "./known-checksums";
 import type { Architecture, Platform } from "../../utils/platforms";
+import { KNOWN_CHECKSUMS } from "./known-checksums";
 
 export async function validateChecksum(
   checkSum: string | undefined,
@@ -12,7 +12,7 @@ export async function validateChecksum(
   platform: Platform,
   version: string,
 ): Promise<void> {
-  let isValid: boolean | undefined = undefined;
+  let isValid: boolean | undefined;
   if (checkSum !== undefined && checkSum !== "") {
     isValid = await validateFileCheckSum(downloadPath, checkSum);
   } else {

src/download/download-version.ts

@@ -1,12 +1,12 @@
+import { promises as fs } from "node:fs";
+import * as path from "node:path";
 import * as core from "@actions/core";
 import * as tc from "@actions/tool-cache";
-import * as path from "node:path";
 import * as pep440 from "@renovatebot/pep440";
-import { promises as fs } from "node:fs";
 import { OWNER, REPO, TOOL_CACHE_NAME } from "../utils/constants";
+import { Octokit } from "../utils/octokit";
 import type { Architecture, Platform } from "../utils/platforms";
 import { validateChecksum } from "./checksum/checksum";
-import { Octokit } from "../utils/octokit";
 import {
   getDownloadUrl,
   getLatestKnownVersion as getLatestVersionInManifest,
@@ -24,7 +24,7 @@ export function tryGetFromToolCache(
     resolvedVersion = version;
   }
   const installedPath = tc.find(TOOL_CACHE_NAME, resolvedVersion, arch);
-  return { version: resolvedVersion, installedPath };
+  return { installedPath, version: resolvedVersion };
 }
 
 export async function downloadVersionFromGithub(
@@ -121,7 +121,7 @@ async function downloadVersion(
     version,
     arch,
   );
-  return { version: version, cachedToolDir };
+  return { cachedToolDir, version: version };
 }
 
 function getExtension(platform: Platform): string {
@@ -160,6 +160,7 @@ export async function resolveVersion(
 }
 
 async function getAvailableVersions(githubToken: string): Promise<string[]> {
+  core.info("Getting available versions from GitHub API...");
   try {
     const octokit = new Octokit({
       auth: githubToken,
@@ -184,11 +185,17 @@ async function getReleaseTagNames(
     owner: OWNER,
     repo: REPO,
   });
-  return response.map((release) => release.tag_name);
+  const releaseTagNames = response.map((release) => release.tag_name);
+  if (releaseTagNames.length === 0) {
+    throw Error(
+      "Github API request failed while getting releases. Check the GitHub status page for outages. Try again later.",
+    );
+  }
+  return releaseTagNames;
 }
 
 async function getLatestVersion(githubToken: string) {
-  core.debug("Getting latest version...");
+  core.info("Getting latest version from GitHub API...");
   const octokit = new Octokit({
     auth: githubToken,
   });
@@ -197,14 +204,18 @@ async function getLatestVersion(githubToken: string) {
   try {
     latestRelease = await getLatestRelease(octokit);
   } catch (err) {
-    core.info(
-      "No (valid) GitHub token provided. Falling back to anonymous. Requests might be rate limited.",
-    );
-    if (err instanceof Error) {
-      core.debug(err.message);
+    if ((err as Error).message.includes("Bad credentials")) {
+      core.info(
+        "No (valid) GitHub token provided. Falling back to anonymous. Requests might be rate limited.",
+      );
+      const octokit = new Octokit();
+      latestRelease = await getLatestRelease(octokit);
+    } else {
+      core.error(
+        "Github API request failed while getting latest release. Check the GitHub status page for outages. Try again later.",
+      );
+      throw err;
     }
-    const octokit = new Octokit();
-    latestRelease = await getLatestRelease(octokit);
   }
 
   if (!latestRelease) {

src/download/version-manifest.ts

@@ -1,8 +1,8 @@
 import { promises as fs } from "node:fs";
+import { join } from "node:path";
 import * as core from "@actions/core";
 import * as semver from "semver";
 import { fetch } from "../utils/fetch";
-import { join } from "node:path";
 
 const localManifestFile = join(__dirname, "..", "..", "version-manifest.json");
 
@@ -79,11 +79,11 @@ export async function updateVersionManifest(
     }
     const artifactParts = artifactName.split(".")[0].split("-");
     manifest.push({
-      version: version,
-      artifactName: artifactName,
       arch: artifactParts[1],
-      platform: artifactName.split(`uv-${artifactParts[1]}-`)[1].split(".")[0],
+      artifactName: artifactName,
       downloadUrl: downloadUrl,
+      platform: artifactName.split(`uv-${artifactParts[1]}-`)[1].split(".")[0],
+      version: version,
     });
   }
   core.debug(`Updating manifest-file: ${JSON.stringify(manifest)}`);

src/hash/hash-files.ts

@@ -1,8 +1,8 @@
 import * as crypto from "node:crypto";
-import * as core from "@actions/core";
 import * as fs from "node:fs";
 import * as stream from "node:stream";
 import * as util from "node:util";
+import * as core from "@actions/core";
 import { create } from "@actions/glob";
 
 /**

src/save-cache.ts

@@ -1,22 +1,27 @@
+import * as fs from "node:fs";
 import * as cache from "@actions/cache";
 import * as core from "@actions/core";
 import * as exec from "@actions/exec";
-import * as fs from "node:fs";
 import {
-  STATE_CACHE_MATCHED_KEY,
   STATE_CACHE_KEY,
+  STATE_CACHE_MATCHED_KEY,
 } from "./cache/restore-cache";
 import {
   cacheLocalPath,
   enableCache,
   ignoreNothingToCache,
   pruneCache as shouldPruneCache,
+  saveCache as shouldSaveCache,
 } from "./utils/inputs";
 
 export async function run(): Promise<void> {
   try {
     if (enableCache) {
-      await saveCache();
+      if (shouldSaveCache) {
+        await saveCache();
+      } else {
+        core.info("save-cache is false. Skipping save cache step.");
+      }
       // node will stay alive if any promises are not resolved,
       // which is a possibility if HTTP requests are dangling
       // due to retries or timeouts. We know that if we got here
@@ -73,7 +78,7 @@ async function saveCache(): Promise<void> {
 
 async function pruneCache(): Promise<void> {
   const options: exec.ExecOptions = {
-    silent: !core.isDebug(),
+    silent: false,
   };
   const execArgs = ["cache", "prune", "--ci"];
 

src/setup-uv.ts

@@ -1,37 +1,38 @@
-import * as core from "@actions/core";
+import fs from "node:fs";
 import * as path from "node:path";
+import * as core from "@actions/core";
+import * as exec from "@actions/exec";
+import { restoreCache } from "./cache/restore-cache";
 import {
-  tryGetFromToolCache,
-  resolveVersion,
   downloadVersionFromGithub,
   downloadVersionFromManifest,
+  resolveVersion,
+  tryGetFromToolCache,
 } from "./download/download-version";
-import { restoreCache } from "./cache/restore-cache";
-
+import {
+  activateEnvironment as activateEnvironmentInput,
+  addProblemMatchers,
+  cacheLocalPath,
+  checkSum,
+  enableCache,
+  githubToken,
+  ignoreEmptyWorkdir,
+  manifestFile,
+  pythonVersion,
+  serverUrl,
+  toolBinDir,
+  toolDir,
+  versionFile as versionFileInput,
+  version as versionInput,
+  workingDirectory,
+} from "./utils/inputs";
 import {
   type Architecture,
   getArch,
   getPlatform,
   type Platform,
 } from "./utils/platforms";
-import {
-  activateEnvironment as activateEnvironmentInput,
-  cacheLocalPath,
-  checkSum,
-  ignoreEmptyWorkdir,
-  enableCache,
-  githubToken,
-  pythonVersion,
-  toolBinDir,
-  toolDir,
-  version as versionInput,
-  workingDirectory,
-  serverUrl,
-  manifestFile,
-} from "./utils/inputs";
-import * as exec from "@actions/exec";
-import fs from "node:fs";
-import { getUvVersionFromConfigFile } from "./utils/config-file";
+import { getUvVersionFromFile } from "./version/resolve";
 
 async function run(): Promise<void> {
   detectEmptyWorkdir();
@@ -133,10 +134,19 @@ async function determineVersion(
   if (versionInput !== "") {
     return await resolveVersion(versionInput, manifestFile, githubToken);
   }
-  const versionFromUvToml = getUvVersionFromConfigFile(
+  if (versionFileInput !== "") {
+    const versionFromFile = getUvVersionFromFile(versionFileInput);
+    if (versionFromFile === undefined) {
+      throw new Error(
+        `Could not determine uv version from file: ${versionFileInput}`,
+      );
+    }
+    return await resolveVersion(versionFromFile, manifestFile, githubToken);
+  }
+  const versionFromUvToml = getUvVersionFromFile(
     `${workingDirectory}${path.sep}uv.toml`,
   );
-  const versionFromPyproject = getUvVersionFromConfigFile(
+  const versionFromPyproject = getUvVersionFromFile(
     `${workingDirectory}${path.sep}pyproject.toml`,
   );
   if (versionFromUvToml === undefined && versionFromPyproject === undefined) {
@@ -217,8 +227,10 @@ function setCacheDir(cacheLocalPath: string): void {
 }
 
 function addMatchers(): void {
-  const matchersPath = path.join(__dirname, `..${path.sep}..`, ".github");
-  core.info(`##[add-matcher]${path.join(matchersPath, "python.json")}`);
+  if (addProblemMatchers) {
+    const matchersPath = path.join(__dirname, `..${path.sep}..`, ".github");
+    core.info(`##[add-matcher]${path.join(matchersPath, "python.json")}`);
+  }
 }
 
 run();

src/update-known-versions.ts

@@ -1,14 +1,12 @@
-import * as semver from "semver";
 import * as core from "@actions/core";
-import { Octokit } from "./utils/octokit";
-
-import { OWNER, REPO } from "./utils/constants";
-
+import * as semver from "semver";
 import { updateChecksums } from "./download/checksum/update-known-checksums";
 import {
-  updateVersionManifest,
   getLatestKnownVersion,
+  updateVersionManifest,
 } from "./download/version-manifest";
+import { OWNER, REPO } from "./utils/constants";
+import { Octokit } from "./utils/octokit";
 
 async function run(): Promise<void> {
   const checksumFilePath = process.argv.slice(2)[0];

src/utils/config-file.ts

@@ -1,46 +0,0 @@
-import fs from "node:fs";
-import * as core from "@actions/core";
-import * as toml from "smol-toml";
-
-export function getUvVersionFromConfigFile(
-  filePath: string,
-): string | undefined {
-  core.info(`Trying to find required-version for uv in: ${filePath}`);
-  if (!fs.existsSync(filePath)) {
-    core.info(`Could not find file: ${filePath}`);
-    return undefined;
-  }
-  let requiredVersion: string | undefined;
-  try {
-    requiredVersion = getRequiredVersion(filePath);
-  } catch (err) {
-    const message = (err as Error).message;
-    core.warning(`Error while parsing ${filePath}: ${message}`);
-    return undefined;
-  }
-
-  if (requiredVersion?.startsWith("==")) {
-    requiredVersion = requiredVersion.slice(2);
-  }
-  if (requiredVersion !== undefined) {
-    core.info(
-      `Found required-version for uv in ${filePath}: ${requiredVersion}`,
-    );
-  }
-  return requiredVersion;
-}
-
-function getRequiredVersion(filePath: string): string | undefined {
-  const fileContent = fs.readFileSync(filePath, "utf-8");
-
-  if (filePath.endsWith("pyproject.toml")) {
-    const tomlContent = toml.parse(fileContent) as {
-      tool?: { uv?: { "required-version"?: string } };
-    };
-    return tomlContent?.tool?.uv?.["required-version"];
-  }
-  const tomlContent = toml.parse(fileContent) as {
-    "required-version"?: string;
-  };
-  return tomlContent["required-version"];
-}

src/utils/fetch.ts

@@ -1,4 +1,4 @@
-import { fetch as undiciFetch, ProxyAgent, type RequestInit } from "undici";
+import { ProxyAgent, type RequestInit, fetch as undiciFetch } from "undici";
 
 export function getProxyAgent() {
   const httpProxy = process.env.HTTP_PROXY || process.env.http_proxy;

src/utils/inputs.ts

@@ -1,16 +1,18 @@
-import * as core from "@actions/core";
 import path from "node:path";
-import { getManifestFromRepo } from "@actions/tool-cache";
+import * as core from "@actions/core";
 
+export const workingDirectory = core.getInput("working-directory");
 export const version = core.getInput("version");
+export const versionFile = getVersionFile();
 export const pythonVersion = core.getInput("python-version");
 export const activateEnvironment = core.getBooleanInput("activate-environment");
-export const workingDirectory = core.getInput("working-directory");
 export const checkSum = core.getInput("checksum");
 export const enableCache = getEnableCache();
+export const restoreCache = core.getInput("restore-cache") === "true";
+export const saveCache = core.getInput("save-cache") === "true";
 export const cacheSuffix = core.getInput("cache-suffix") || "";
 export const cacheLocalPath = getCacheLocalPath();
-export const cacheDependencyGlob = core.getInput("cache-dependency-glob");
+export const cacheDependencyGlob = getCacheDependencyGlob();
 export const pruneCache = core.getInput("prune-cache") === "true";
 export const ignoreNothingToCache =
   core.getInput("ignore-nothing-to-cache") === "true";
@@ -21,6 +23,17 @@ export const toolDir = getToolDir();
 export const serverUrl = core.getInput("server-url");
 export const githubToken = core.getInput("github-token");
 export const manifestFile = getManifestFile();
+export const addProblemMatchers =
+  core.getInput("add-problem-matchers") === "true";
+
+function getVersionFile(): string {
+  const versionFileInput = core.getInput("version-file");
+  if (versionFileInput !== "") {
+    const tildeExpanded = expandTilde(versionFileInput);
+    return resolveRelativePath(tildeExpanded);
+  }
+  return versionFileInput;
+}
 
 function getEnableCache(): boolean {
   const enableCacheInput = core.getInput("enable-cache");
@@ -33,7 +46,8 @@ function getEnableCache(): boolean {
 function getToolBinDir(): string | undefined {
   const toolBinDirInput = core.getInput("tool-bin-dir");
   if (toolBinDirInput !== "") {
-    return expandTilde(toolBinDirInput);
+    const tildeExpanded = expandTilde(toolBinDirInput);
+    return resolveRelativePath(tildeExpanded);
   }
   if (process.platform === "win32") {
     if (process.env.RUNNER_TEMP !== undefined) {
@@ -49,7 +63,8 @@ function getToolBinDir(): string | undefined {
 function getToolDir(): string | undefined {
   const toolDirInput = core.getInput("tool-dir");
   if (toolDirInput !== "") {
-    return expandTilde(toolDirInput);
+    const tildeExpanded = expandTilde(toolDirInput);
+    return resolveRelativePath(tildeExpanded);
   }
   if (process.platform === "win32") {
     if (process.env.RUNNER_TEMP !== undefined) {
@@ -65,7 +80,8 @@ function getToolDir(): string | undefined {
 function getCacheLocalPath(): string {
   const cacheLocalPathInput = core.getInput("cache-local-path");
   if (cacheLocalPathInput !== "") {
-    return expandTilde(cacheLocalPathInput);
+    const tildeExpanded = expandTilde(cacheLocalPathInput);
+    return resolveRelativePath(tildeExpanded);
   }
   if (process.env.RUNNER_ENVIRONMENT === "github-hosted") {
     if (process.env.RUNNER_TEMP !== undefined) {
@@ -81,6 +97,19 @@ function getCacheLocalPath(): string {
   return `${process.env.HOME}${path.sep}.cache${path.sep}uv`;
 }
 
+function getCacheDependencyGlob(): string {
+  const cacheDependencyGlobInput = core.getInput("cache-dependency-glob");
+  if (cacheDependencyGlobInput !== "") {
+    return cacheDependencyGlobInput
+      .split("\n")
+      .map((part) => part.trim())
+      .map((part) => expandTilde(part))
+      .map((part) => resolveRelativePath(part))
+      .join("\n");
+  }
+  return cacheDependencyGlobInput;
+}
+
 function expandTilde(input: string): string {
   if (input.startsWith("~")) {
     return `${process.env.HOME}${input.substring(1)}`;
@@ -88,6 +117,18 @@ function expandTilde(input: string): string {
   return input;
 }
 
+function resolveRelativePath(inputPath: string): string {
+  const hasNegation = inputPath.startsWith("!");
+  const pathWithoutNegation = hasNegation ? inputPath.substring(1) : inputPath;
+
+  const resolvedPath = path.resolve(workingDirectory, pathWithoutNegation);
+
+  core.debug(
+    `Resolving relative path ${inputPath} to ${hasNegation ? "!" : ""}${resolvedPath}`,
+  );
+  return hasNegation ? `!${resolvedPath}` : resolvedPath;
+}
+
 function getManifestFile(): string | undefined {
   const manifestFileInput = core.getInput("manifest-file");
   if (manifestFileInput !== "") {

src/utils/octokit.ts

@@ -4,8 +4,8 @@ import type {
   OctokitOptions,
 } from "@octokit/core/dist-types/types";
 import {
-  paginateRest,
   type PaginateInterface,
+  paginateRest,
 } from "@octokit/plugin-paginate-rest";
 import { legacyRestEndpointMethods } from "@octokit/plugin-rest-endpoint-methods";
 import { fetch as customFetch } from "./fetch";

src/utils/platforms.ts

@@ -1,5 +1,5 @@
-import * as exec from "@actions/exec";
 import * as core from "@actions/core";
+import * as exec from "@actions/exec";
 export type Platform =
   | "unknown-linux-gnu"
   | "unknown-linux-musl"
@@ -16,11 +16,11 @@ export type Architecture =
 export function getArch(): Architecture | undefined {
   const arch = process.arch;
   const archMapping: { [key: string]: Architecture } = {
-    ia32: "i686",
-    x64: "x86_64",
     arm64: "aarch64",
-    s390x: "s390x",
+    ia32: "i686",
     ppc64: "powerpc64le",
+    s390x: "s390x",
+    x64: "x86_64",
   };
 
   if (arch in archMapping) {
@@ -31,8 +31,8 @@ export function getArch(): Architecture | undefined {
 export async function getPlatform(): Promise<Platform | undefined> {
   const processPlatform = process.platform;
   const platformMapping: { [key: string]: Platform } = {
-    linux: "unknown-linux-gnu",
     darwin: "apple-darwin",
+    linux: "unknown-linux-gnu",
     win32: "pc-windows-msvc",
   };
 
@@ -50,16 +50,16 @@ async function isMuslOs(): Promise<boolean> {
   let stdOutput = "";
   let errOutput = "";
   const options: exec.ExecOptions = {
-    silent: !core.isDebug(),
+    ignoreReturnCode: true,
     listeners: {
-      stdout: (data: Buffer) => {
-        stdOutput += data.toString();
-      },
       stderr: (data: Buffer) => {
         errOutput += data.toString();
       },
+      stdout: (data: Buffer) => {
+        stdOutput += data.toString();
+      },
     },
-    ignoreReturnCode: true,
+    silent: !core.isDebug(),
   };
 
   try {

src/version/config-file.ts

@@ -0,0 +1,22 @@
+import fs from "node:fs";
+import * as toml from "smol-toml";
+
+export function getRequiredVersionFromConfigFile(
+  filePath: string,
+): string | undefined {
+  if (!filePath.endsWith(".toml")) {
+    return undefined;
+  }
+  const fileContent = fs.readFileSync(filePath, "utf-8");
+
+  if (filePath.endsWith("pyproject.toml")) {
+    const tomlContent = toml.parse(fileContent) as {
+      tool?: { uv?: { "required-version"?: string } };
+    };
+    return tomlContent?.tool?.uv?.["required-version"];
+  }
+  const tomlContent = toml.parse(fileContent) as {
+    "required-version"?: string;
+  };
+  return tomlContent["required-version"];
+}

src/version/requirements-file.ts

@@ -0,0 +1,43 @@
+import fs from "node:fs";
+import * as toml from "smol-toml";
+
+export function getUvVersionFromRequirementsFile(
+  filePath: string,
+): string | undefined {
+  const fileContent = fs.readFileSync(filePath, "utf-8");
+  if (filePath.endsWith(".txt")) {
+    return getUvVersionFromAllDependencies(fileContent.split("\n"));
+  }
+  const dependencies = parsePyprojectDependencies(fileContent);
+  return getUvVersionFromAllDependencies(dependencies);
+}
+function getUvVersionFromAllDependencies(
+  allDependencies: string[],
+): string | undefined {
+  return allDependencies
+    .find((dep: string) => dep.match(/^uv[=<>~!]/))
+    ?.match(/^uv([=<>~!]+\S*)/)?.[1]
+    .trim();
+}
+
+interface Pyproject {
+  project?: {
+    dependencies?: string[];
+    "optional-dependencies"?: Record<string, string[]>;
+  };
+  "dependency-groups"?: Record<string, Array<string | object>>;
+}
+
+function parsePyprojectDependencies(pyprojectContent: string): string[] {
+  const pyproject: Pyproject = toml.parse(pyprojectContent);
+  const dependencies: string[] = pyproject?.project?.dependencies || [];
+  const optionalDependencies: string[] = Object.values(
+    pyproject?.project?.["optional-dependencies"] || {},
+  ).flat();
+  const devDependencies: string[] = Object.values(
+    pyproject?.["dependency-groups"] || {},
+  )
+    .flat()
+    .filter((item: string | object) => typeof item === "string");
+  return dependencies.concat(optionalDependencies, devDependencies);
+}

src/version/resolve.ts

@@ -0,0 +1,34 @@
+import fs from "node:fs";
+import * as core from "@actions/core";
+import { getRequiredVersionFromConfigFile } from "./config-file";
+import { getUvVersionFromRequirementsFile } from "./requirements-file";
+import { getUvVersionFromToolVersions } from "./tool-versions-file";
+
+export function getUvVersionFromFile(filePath: string): string | undefined {
+  core.info(`Trying to find version for uv in: ${filePath}`);
+  if (!fs.existsSync(filePath)) {
+    core.info(`Could not find file: ${filePath}`);
+    return undefined;
+  }
+  let uvVersion: string | undefined;
+  try {
+    uvVersion = getUvVersionFromToolVersions(filePath);
+    if (uvVersion === undefined) {
+      uvVersion = getRequiredVersionFromConfigFile(filePath);
+    }
+    if (uvVersion === undefined) {
+      uvVersion = getUvVersionFromRequirementsFile(filePath);
+    }
+  } catch (err) {
+    const message = (err as Error).message;
+    core.warning(`Error while parsing ${filePath}: ${message}`);
+    return undefined;
+  }
+  if (uvVersion?.startsWith("==")) {
+    uvVersion = uvVersion.slice(2);
+  }
+  if (uvVersion !== undefined) {
+    core.info(`Found version for uv in ${filePath}: ${uvVersion}`);
+  }
+  return uvVersion;
+}

src/version/tool-versions-file.ts

@@ -0,0 +1,31 @@
+import fs from "node:fs";
+import * as core from "@actions/core";
+
+export function getUvVersionFromToolVersions(
+  filePath: string,
+): string | undefined {
+  if (!filePath.endsWith(".tool-versions")) {
+    return undefined;
+  }
+  const fileContents = fs.readFileSync(filePath, "utf8");
+  const lines = fileContents.split("\n");
+
+  for (const line of lines) {
+    // Skip commented lines
+    if (line.trim().startsWith("#")) {
+      continue;
+    }
+    const match = line.match(/^\s*uv\s*v?\s*(?<version>[^\s]+)\s*$/);
+    if (match) {
+      const matchedVersion = match.groups?.version.trim();
+      if (matchedVersion?.startsWith("ref")) {
+        core.warning(
+          "The ref syntax of .tool-versions is not supported. Please use a released version instead.",
+        );
+        return undefined;
+      }
+      return matchedVersion;
+    }
+  }
+  return undefined;
+}

tsconfig.json

@@ -1,12 +1,12 @@
 {
   "compilerOptions": {
-    "target": "ES2022" /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017', 'ES2018', 'ES2019' or 'ESNEXT'. */,
+    "esModuleInterop": true /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */,
     "module": "commonjs" /* Specify module code generation: 'none', 'commonjs', 'amd', 'system', 'umd', 'es2015', or 'ESNext'. */,
+    "noImplicitAny": true /* Raise error on expressions and declarations with an implied 'any' type. */,
     "outDir": "./lib" /* Redirect output structure to the directory. */,
     "rootDir": "./src" /* Specify the root directory of input files. Use to control the output directory structure with --outDir. */,
     "strict": true /* Enable all strict type-checking options. */,
-    "noImplicitAny": true /* Raise error on expressions and declarations with an implied 'any' type. */,
-    "esModuleInterop": true /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */
+    "target": "ES2022" /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017', 'ES2018', 'ES2019' or 'ESNEXT'. */
   },
   "exclude": ["node_modules", "**/*.test.ts"]
 }