[CI] use uv

[podkidyshev]

Summary

• pip install . or pip install .[dev] is not the right way to install requirements for cloudai. It must be uv sync

Test Plan

• Automated CI

Additional Notes

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 25b264fe-0f69-40b2-b720-b1107f7f24ab

📥 Commits

Reviewing files that changed from the base of the PR and between d7649b8 and 5a6db2d.

📒 Files selected for processing (1)

• .github/workflows/ci.yml

---

📝 Walkthrough

Walkthrough

The CI workflow's test job is migrated from pip to uv. Dependency installation switches from pip install '.[dev]' to uv sync --python <matrix-version> --extra dev. All pytest invocations are prefixed with uv run, and the local installation test steps replace pip install/uninstall with uv pip install/uninstall.

Changes

CI pip → uv migration

Layer / File(s)	Summary
Switch test job from pip to uv .github/workflows/ci.yml	Adds uv setup step; replaces pip install '.[dev]' with uv sync --python for the matrix version; prefixes all pytest commands (coverage, dead-fixtures, ci_only) with uv run; replaces pip install/uninstall with uv pip install/uninstall in the local installation verification step.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐇 Hippity-hop, I swapped out pip,
Now uv commands make my CI zip!
uv sync, uv run, what a delight,
The test job hops forward, swift and light.
No more bare pip — the rabbit approves! 🎉

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title '[CI] use uv' is concise and directly related to the main change: switching the CI workflow from pip to uv for dependency management.
Description check	✅ Passed	The description is related to the changeset, explaining why uv sync is the correct approach for cloudai and referencing automated CI testing.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch ipod/fix-ci-uv

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/ci.yml:
- Line 61: Pin all GitHub Actions in the CI workflow to their full commit SHAs
for supply-chain security instead of using mutable tag references. For each
action reference (including astral-sh/setup-uv, actions/checkout, and
actions/setup-python), replace the tag-only reference with the full commit SHA
and preserve the version tag in a comment immediately following for readability.
This prevents compromised upstream repositories or credentials from injecting
malicious code through mutable references.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: a802c9f5-358e-45af-9f4b-741aa02e75d2

📥 Commits

Reviewing files that changed from the base of the PR and between 1ffd32c and d7649b8.

📒 Files selected for processing (1)

• .github/workflows/ci.yml