nrfconnect · jaci-nordic · Jun 23, 2025
@@ -29,9 +29,7 @@ jobs:
       run: |
         pip3 install -U pip
         pip3 install -U wheel
-        grep -E "^setuptools" scripts/requirements-fixed.txt | cut -d ' ' -f '1' | xargs pip3 install -U
-        grep -E "^python-magic=|^junitparser|^lxml|^gitlint|^pylint|^pykwalify|^yamllint|^unidiff" scripts/requirements-fixed.txt | cut -d ' ' -f '1' | xargs pip3 install -U
-        grep -E "^west" scripts/requirements-fixed.txt | cut -d ' ' -f '1' | xargs pip3 install -U
+        pip3 install -U -r requirements-fixed.txt --require-hashes
         pip3 show -f west
 
     - name: Run merge commits test

@@ -25,8 +25,8 @@ jobs:
       - name: Install base dependencies
         working-directory: ncs
         run: |
-          pip3 install -r nrf/scripts/requirements-base.txt
-          pip3 install -r nrf/scripts/requirements-extra.txt
+          pip3 install -r nrf/scripts/requirements-base.txt --require-hashes
+          pip3 install -r nrf/scripts/requirements-extra.txt --require-hashes
 
       - name: Get repo urls
         working-directory: ncs

@@ -56,7 +56,7 @@ jobs:
       - name: Install Python dependencies
         working-directory: ncs
         run: |
-          pip install -r nrf/doc/requirements.txt
+          pip install -r nrf/doc/requirements.txt ---require-hashes
 
       - name: West zephyr-export
         working-directory: ncs

@@ -74,7 +74,7 @@ jobs:
 
     - name: Install license check script dependencies
       run: |
-        pip3 install -U -r ncs/nrf/scripts/ci/requirements.txt
+        pip3 install -r ncs/nrf/scripts/ci/requirements.txt --require-hashes
 
     - name: Run license checks
       id: license_checks

@@ -15,7 +15,7 @@ jobs:
       - name: Install extra python dependencies
         run: |
           pip3 install --upgrade pip setuptools west
-          pip3 install -r ncs/nrf/scripts/requirements-extra.txt
+          pip3 install -r ncs/nrf/scripts/requirements-extra.txt --require-hashes
 
       - name: Set upsteam
         working-directory: ncs

@@ -23,6 +23,6 @@ jobs:
         with:
           python-version: ${{ matrix.python-version }}
       - name: Install packages
-        run: python -m pip install -r scripts/requirements-test.txt
+        run: python -m pip install -r scripts/requirements-test.txt --require-hashes
       - name: Run tests
         run: python -m pytest scripts --ignore=scripts/ci/test_plan.py
@@ -42,36 +42,26 @@ jobs:
         with:
           diff_file: "ncs/nrf/scripts/requirements-fixed.txt"
           script_call: |
-            cd ncs
-            OUT_FILE="nrf/scripts/requirements-fixed.txt"
-            echo "Writing frozen requirements to: $OUT_FILE"
-            echo "Log python version: $(python --version)"
-
-            TOPDIR=$(west topdir)
-            cd $TOPDIR
+            set -euo pipefail
 
-            source ~/.local/bin/virtualenvwrapper.sh
-            [[ $? != 0 ]] && echo "error sourcing virtualenvwrapper" && exit 1
+            echo "Installing uv..."
+            curl -LsSf https://astral.sh/uv/install.sh | sh
+            export PATH="$HOME/.cargo/bin:$PATH"
 
-            rmvirtualenv pip-fixed-venv > /dev/null 2>&1
-            # We need to force the result of the following command.
-            # For no aparent reason it returns 1 with the same output as local.
-            mkvirtualenv pip-fixed-venv  > /dev/null 2>&1 || true
-            workon pip-fixed-venv  > /dev/null 2>&1
+            cd ncs
+            OUT_FILE="nrf/scripts/requirements-fixed.txt"
+            TMP_OUT_FILE="$(mktemp)"
 
-            pip3 install \
-              --index-url https://files.nordicsemi.com/artifactory/api/pypi/nordic-pypi/simple \
-              pip-compile-cross-platform==1.4.2+nordic.3 --upgrade > /dev/null 2>&1
-            pip-compile-cross-platform \
+            echo "Regenerating $OUT_FILE using uv..."
+            uv pip compile \
+              --generate-hashes \
+              --output "$TMP_OUT_FILE" \
               bootloader/mcuboot/scripts/requirements.txt \
               zephyr/scripts/requirements.txt \
               nrf/scripts/requirements-west-ncs-sbom.txt \
               nrf/scripts/requirements-ci.txt \
               nrf/scripts/requirements-extra.txt \
-              nrf/scripts/requirements.txt \
-              --output-file nrf/scripts/requirements-fixed.txt \
-              --min-python-version 3.12 \
-              --index-url https://files.nordicsemi.com/artifactory/api/pypi/nordic-pypi/simple
+              nrf/scripts/requirements.txt
 
-            deactivate
-            rmvirtualenv pip-fixed-venv
+            echo "Comparing generated file with existing $OUT_FILE..."
+            diff -u "$OUT_FILE" "$TMP_OUT_FILE"
@@ -25,7 +25,7 @@ jobs:
           pip3 install -U setuptools
           pip3 install -U wheel
           pip3 install -U mypy types-colorama types-editdistance types-PyYAML
-          grep -E "west==" scripts/requirements-fixed.txt | cut -f1 -d"#" | cut -d ' ' -f '1'| xargs pip3 install -U
+          pip3 install -U -r scripts/requirements-fixed.txt --require-hashes
           pip3 show -f west
       - name: Run mypy
         working-directory: ncs/nrf/scripts/west_commands
@@ -49,8 +49,8 @@ jobs:
         shell: bash
         run: |
           python3 -m pip install -U pip
-          pip3 install -r nrf/scripts/requirements-west-ncs-sbom.txt
-          pip3 install -r nrf/scripts/requirements-extra.txt
+          pip3 install -r nrf/scripts/requirements-west-ncs-sbom.txt --require-hashes
+          pip3 install -r nrf/scripts/requirements-extra.txt --require-hashes
       - name: Smoke test ncs-loot & ncs-compare
         shell: bash
         run: |

@@ -0,0 +1,28 @@
+# This file lists all the dependencies required to build the documentation.
+# To update this file, follow these basic rules:
+#   - Keep it sorted alphabetically
+#   - Mark which docsets are using each dependency
+#   - Only specify version information if strictly required
+#   - Keep nrf/installation/recommended_versions.rst up to date
+
+# Extension                       | NCS | Kconfig | Matter | MCUboot | nrfxlib | TF-M | Zephyr |
+anytree                         # |     |         |        |         |         |      |   X    |
+azure-storage-blob              # |  X  |         |        |         |         |      |        |
+doxmlparser                     # |     |         |        |         |         |      |   X    |
+m2r2                            # |     |         |        |         |         |      |        |
+PyYAML                          # |  X  |         |        |         |         |      |   X    |
+pykwalify                       # |     |         |        |         |         |      |   X    |
+pytest                          # |     |         |        |         |         |      |   X    |
+recommonmark                    # |     |         |   X    |    X    |         |      |        |
+snowballstemmer<3.0.0           # https://github.com/snowballstem/snowball/issues/229
+sphinx>=8.1,<8.2                # |  X  |    X    |   X    |    X    |    X    |  X   |   X    |
+sphinx-autobuild                # |  X  |    X    |   X    |    X    |    X    |  X   |   X    |
+sphinx-copybutton               # |  X  |         |        |         |         |      |   X    |
+sphinx-ncs-theme<1.1            # |  X  |         |        |         |         |      |        |
+sphinx-notfound-page>=1.0.0     # |  X  |         |        |         |         |      |   X    |
+sphinx-tabs>=3.4                # |  X  |         |        |         |         |      |   X    |
+sphinx-togglebutton             # |  X  |         |        |         |         |      |   X    |
+sphinx_markdown_tables          # |     |         |   X    |         |         |      |        |
+sphinxcontrib-mscgen            # |  X  |         |        |         |    X    |      |        |
+sphinxcontrib-plantuml>=0.27    # |     |         |        |         |         |  X   |        |
+west>=1.0.0                     # |     |         |        |         |         |      |   X    |