I'm a huge believer in the rule that everything GH actions does should be a script you can also run locally.

Imustaskforhelp 3 hours ago | parent [-]

Yes I believe the same too and I think we are on the same goal. I think that I can probably patch this code to install uv, let's say locally instead of globally if that's a major concern. I feel like its not that hard.

	▲	quotemstr 3 hours ago \| parent [-]
		It's easy enough to patch. It's the philosophy that bugs me. We already have a huge problem with routine workflows pulling things from the network (often, without even a semblance of hash-locking) and foregoing the traditional separation between environment setup and business logic. There's a lot of value into having discrete steps for downloading/installing stuff and doing development, because then you can pay special attention to the former, look for anything odd, read release notes, and so on. Between explicit, human-solicited upgrades, dev workflows should be using, ideally, vendored dependencies, or, if not that, then at least stuff that's hash-verified end-to-end. Someday, someone is going to have a really big disaster that comes out of casual getting unauthenticated stuff from somebody else's computer.