Netflix · whitdog47 · Jul 31, 2025 · Jul 25, 2025 · Jul 25, 2025 · Jul 25, 2025
diff --git a/.devcontainer/postCreateCommand.sh b/.devcontainer/postCreateCommand.sh
@@ -1,4 +1,4 @@
-pip install -e /workspaces/dispatch
+uv pip install -e /workspaces/dispatch
 npm install --prefix /workspaces/dispatch/src/dispatch/static/dispatch
 
 export LOG_LEVEL="ERROR"

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1,5 +1,4 @@
 kevgliss
-metroid-samus
 mvilanova
 whitdog47
 wssheldon
diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
@@ -92,32 +92,41 @@ jobs:
       - name: Set up Python 3.11
         uses: actions/setup-python@v5
         with:
-          python-version: 3.11
+          python-version: 3.11.11
       - uses: actions/setup-node@v4
         with:
-          node-version: 18
+          node-version-file: .nvmrc
       - uses: actions/cache@v4
         with:
           path: ~/.cache/pip
           key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
           restore-keys: |
             ${{ runner.os }}-pip-
-      - name: Install python dependencies
+      - name: Install uv
+        run: |
+          curl -LsSf https://astral.sh/uv/install.sh | sh
+          echo "$HOME/.cargo/bin" >> $GITHUB_PATH
+      - name: Install dependencies
         run: |
           export DISPATCH_LIGHT_BUILD=1
-          python -m pip install --upgrade pip
-          pip install psycopg[binary]
-          pip install -e ".[dev]"
+          uv venv
+          source .venv/bin/activate
+          uv pip install psycopg[binary]
+          uv pip install -e ".[dev]"
       - name: Install npm dependencies
         run: |
           npm ci -D --prefix src/dispatch/static/dispatch
-          npm install -D @playwright/test
+          npm ci
       - name: Install playwright browsers
         run: npx playwright install --with-deps chromium
       - name: Setup sample database
-        run: dispatch database restore --dump-file data/dispatch-sample-data.dump --skip-check && dispatch database upgrade
+        run: |
+          source .venv/bin/activate
+          dispatch database restore --dump-file data/dispatch-sample-data.dump --skip-check && dispatch database upgrade
       - name: Run tests
-        run: npx playwright test --project=chromium --shard=${{ matrix.shard }}/4
+        run: |
+          source .venv/bin/activate
+          npx playwright test --project=chromium --shard=${{ matrix.shard }}/4
       - uses: actions/upload-artifact@v4
         if: always()
         with:

diff --git a/.github/workflows/publish-image-test.yml b/.github/workflows/publish-image-test.yml
@@ -1,15 +1,57 @@
 name: Test image build
 
-on: pull_request
+"on":
+  pull_request:
+    paths:
+      - "Dockerfile"
+      - "docker/Dockerfile"
+      - "src/**"
+      - "pyproject.toml"
+      - ".github/workflows/publish-image-test.yml"
 
 jobs:
   build_image:
-    name: Build Docker image
+    name: Build and test Docker image
     runs-on: ubuntu-latest
     steps:
       - name: Check out the repo
         uses: actions/checkout@v4
-      - name: Build without push
-        uses: docker/build-push-action@v1
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: dispatch-test
+          tags: |
+            type=ref,event=pr,prefix=pr-
+            type=sha,prefix=sha-
+
+      - name: Build Docker image
+        uses: docker/build-push-action@v6
         with:
+          context: .
+          file: ./Dockerfile
           push: false
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          build-args: |
+            SOURCE_COMMIT=${{ github.sha }}
+            VITE_DISPATCH_COMMIT_HASH=${{ github.sha }}
+
+      # - name: Run Trivy vulnerability scanner
+      #   uses: aquasecurity/trivy-action@master
+      #   with:
+      #     image-ref: "dispatch-test:${{ github.event.pull_request.head.sha || github.sha }}"
+      #     format: "sarif"
+      #     output: "trivy-results.sarif"
+
+      # - name: Upload Trivy scan results to GitHub Security tab
+      #   uses: github/codeql-action/upload-sarif@v3
+      #   if: always()
+      #   with:
+      #     sarif_file: "trivy-results.sarif"
diff --git a/.github/workflows/publish-image.yml b/.github/workflows/publish-image.yml
@@ -1,19 +1,105 @@
 name: Publish Docker image
-on:
+
+"on":
   release:
     types: [published]
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "Tag to build and push"
+        required: true
+        default: "latest"
+
+env:
+  REGISTRY_GITHUB: ghcr.io
+  REGISTRY_DOCKERHUB: docker.io
+  IMAGE_NAME: netflix/dispatch
+
 jobs:
   push_to_registry:
-    name: Push Docker image to GitHub Packages
+    name: Build and push Docker image
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      security-events: write
     steps:
       - name: Check out the repo
         uses: actions/checkout@v4
-      - name: Push to GitHub Packages
-        uses: docker/build-push-action@v1
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
         with:
+          registry: ${{ env.REGISTRY_GITHUB }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-          registry: docker.pkg.github.com
-          repository: netflix/dispatch/dispatch-image
-          tag_with_ref: true
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        continue-on-error: true
+        with:
+          registry: ${{ env.REGISTRY_DOCKERHUB }}
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.REGISTRY_GITHUB }}/${{ env.IMAGE_NAME }}
+            ${{ env.REGISTRY_DOCKERHUB }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=tag
+            type=ref,event=branch
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          build-args: |
+            SOURCE_COMMIT=${{ github.sha }}
+            VITE_DISPATCH_COMMIT_HASH=${{ github.sha }}
+
+      # - name: Run Trivy vulnerability scanner
+      #   uses: aquasecurity/trivy-action@master
+      #   with:
+      #     image-ref: ${{ env.REGISTRY_GITHUB }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
+      #     format: "sarif"
+      #     output: "trivy-results.sarif"
+
+      # - name: Upload Trivy scan results to GitHub Security tab
+      #   uses: github/codeql-action/upload-sarif@v3
+      #   if: always()
+      #   with:
+      #     sarif_file: "trivy-results.sarif"
+
+      # - name: Generate SBOM
+      #   uses: anchore/sbom-action@v0
+      #   with:
+      #     image: ${{ env.REGISTRY_GITHUB }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
+      #     format: spdx-json
+      #     output-file: sbom.spdx.json
+
+      # - name: Upload SBOM
+      #   uses: actions/upload-artifact@v4
+      #   with:
+      #     name: sbom
+      #     path: sbom.spdx.json
diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml
@@ -27,25 +27,32 @@ jobs:
       - name: Set up Python 3.11
         uses: actions/setup-python@v5
         with:
-          python-version: 3.11.2
+          python-version: 3.11.11
       - uses: actions/cache@v4
         with:
           path: ~/.cache/pip
           key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
           restore-keys: |
             ${{ runner.os }}-pip-
+      - name: Install uv
+        run: |
+          curl -LsSf https://astral.sh/uv/install.sh | sh
+          echo "$HOME/.cargo/bin" >> $GITHUB_PATH
       - name: Install python dependencies
         run: |
           export DISPATCH_LIGHT_BUILD=1
-          python -m pip install --upgrade pip
-          pip install -e ".[dev]"
+          uv venv
+          source .venv/bin/activate
+          uv pip install -e ".[dev]"
       - name: "Lint with ruff"
         run: |
+          source .venv/bin/activate
           ruff check src tests
           ruff format src tests
       - name: Test with pytest
         run: |
-          pip install pytest-cov
+          source .venv/bin/activate
+          uv pip install pytest-cov
           pytest --junitxml=junit/test-results.xml --cov=dispatch --cov-report=json:coverage.json --cov-report=xml --cov-report=html
       - name: Coverage per file
         # All modified files should meet the minimum code coverage requirement.

diff --git a/.gitignore b/.gitignore
@@ -133,6 +133,8 @@ ipython_config.py
 !data/.env
 .venv
 env/
+# uv
+uv.lock
 venv/
 ENV/
 env.bak/

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 # Quick Start:
 #
-# pip install pre-commit
+# uv pip install pre-commit
 # pre-commit install && pre-commit install -t pre-push
 # pre-commit run --all-files
 #
@@ -10,7 +10,7 @@
 fail_fast: false
 
 default_language_version:
-  python: python3.11.2
+  python: python3.11.11
 
 repos:
   - repo: https://github.com/astral-sh/ruff-pre-commit

diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -15,8 +15,13 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
   # Needed for fetching stuff
   ca-certificates \
   wget \
+  curl \
   && rm -rf /var/lib/apt/lists/*
 
+# Install uv for building
+RUN curl -LsSf https://astral.sh/uv/0.4.17/install.sh | sh && \
+  mv /root/.cargo/bin/uv /usr/local/bin/
+
 RUN wget --quiet -O - https://deb.nodesource.com/setup_20.x | bash - \
   && apt-get install -y nodejs --no-install-recommends
 
@@ -51,7 +56,7 @@ COPY . /usr/src/dispatch/
 RUN YARN_CACHE_FOLDER="$(mktemp -d)" \
   && export YARN_CACHE_FOLDER \
   && pushd /usr/src/dispatch \
-  && python setup.py bdist_wheel \
+  && uv build \
   && rm -r "$YARN_CACHE_FOLDER" \
   && mv /usr/src/dispatch/dist /dist
 
@@ -81,9 +86,13 @@ ENV PIP_NO_CACHE_DIR=off \
 RUN apt-get update && apt-get install -y --no-install-recommends \
   # Needed for fetching stuff
   ca-certificates \
-  wget gnupg \
+  wget gnupg curl \
   && rm -rf /var/lib/apt/lists/*
 
+# Install uv
+RUN curl -LsSf https://astral.sh/uv/0.4.17/install.sh | sh && \
+  mv /root/.cargo/bin/uv /usr/local/bin/
+
 RUN echo "deb http://apt.postgresql.org/pub/repos/apt bullseye-pgdg main" > /etc/apt/sources.list.d/pgdg.list \
   && wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
 
@@ -94,7 +103,7 @@ RUN buildDeps="" \
   && apt-get update \
   && apt-get install -y --no-install-recommends "$buildDeps" \
   # remove internal index when internal plugins are separated
-  && pip install -U /tmp/dist/*.whl \
+  && uv pip install --system -U /tmp/dist/*.whl \
   && apt-get purge -y --auto-remove "$buildDeps" \
   # We install run-time dependencies strictly after
   # build dependencies to prevent accidental collusion.
@@ -106,7 +115,7 @@ RUN buildDeps="" \
   && rm -rf /var/lib/apt/lists/* \
   # mjml has to be installed differently here because
   # after node 14, docker will install npm files at the
-  # root directoy and fail, so we have to create a new
+  # root directory and fail, so we have to create a new
   # directory and use it for the install then copy the
   # files to the root directory to maintain backwards
   # compatibility for email generation

diff --git a/docs/docs/administration/contributing/environment.mdx b/docs/docs/administration/contributing/environment.mdx
@@ -12,7 +12,7 @@ This guide assumes you're using an OS of the Linux/Unix variant \(Ubuntu/OS X\)
 Install Dispatch with PIP:
 
 ```bash
-> DISPATCH_LIGHT_BUILD=1 pip install -e .[dev]
+> DISPATCH_LIGHT_BUILD=1 uv pip install -e .[dev]
 ```
 
 Run dev server:
@@ -55,7 +55,7 @@ Create a new virtualenv just for Dispatch:
 Install Dispatch with pip:
 
 ```bash
-> pip install -e /path/to/dispatch
+> uv pip install -e /path/to/dispatch
 ```
 
 Test it by seeing if the `dispatch` command is in your path:

diff --git a/docs/docs/administration/contributing/plugins/index.mdx b/docs/docs/administration/contributing/plugins/index.mdx
@@ -78,7 +78,7 @@ setup(
 Once your plugin files are in place, you can load your plugin into your instance by installing your package:
 
 ```bash
-> pip install -e .
+> uv pip install -e .
 ```
 
 :::info

diff --git a/docs/docs/administration/upgrading.mdx b/docs/docs/administration/upgrading.mdx
@@ -20,7 +20,7 @@ In some cases, you may want to stop services before doing the upgrade process or
 The easiest way to upgrade the Dispatch package using `pip`:
 
 ```bash
-pip install --upgrade dispatch
+uv pip install --upgrade dispatch
 ```
 
 You may prefer to install a fixed version rather than the latest, as it will allow you to control changes.
-Original file line number
+Diff line change
@@ Expand Up / @@ -133,6 +133,8 @@ ipython_config.py @@
     !data/.env
     .venv
     env/
+    # uv
+    uv.lock
     venv/
     ENV/
     env.bak/
@@ Expand Down @@