From 4f605635d94b5bf12b039f384f3ef13e3460418a Mon Sep 17 00:00:00 2001
From: Ralph Bean <rbean@redhat.com>
Date: Tue, 12 May 2026 14:22:07 -0400
Subject: [PATCH] fix: install uvx in post-code and post-fix scripts
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Agent runs were failing when the ty pre-commit hook tried to run type
checking via uvx. The uvx binary wasn't available on GitHub Actions
runners, causing authoritative pre-commit checks to fail with
"Executable 'uvx' not found".

Changes:
- Add UV_VERSION (0.11.14) configuration constant to both scripts
- Install uv/uvx before running pre-commit hooks
- Download and verify uv tarball with SHA256 checksum
- Extract both uv and uvx binaries to ${HOME}/.local/bin
- Add to PATH for pre-commit hook execution
- Follow same pattern as existing gitleaks and lychee installations
- Update section numbering in both scripts (5→6, 6→7, 7→8)

This completes the tooling setup that PR #831 started by adding lychee.
Both lychee (markdown link checking) and uvx (Python tooling via ty hook)
are now installed before pre-commit runs, preventing agent failures.

Related: #830 (pre-commit security), #100 (ty hook configuration)
Builds on: #831 (lychee installation), #783 (markdown link linter)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---
 .../fullsend-repo/scripts/post-code.sh        | 25 ++++++++++++++++---
 .../fullsend-repo/scripts/post-fix.sh         | 25 ++++++++++++++++---
 2 files changed, 44 insertions(+), 6 deletions(-)

diff --git a/internal/scaffold/fullsend-repo/scripts/post-code.sh b/internal/scaffold/fullsend-repo/scripts/post-code.sh
index 70aaaf2c1..a98dd5d98 100755
--- a/internal/scaffold/fullsend-repo/scripts/post-code.sh
+++ b/internal/scaffold/fullsend-repo/scripts/post-code.sh
@@ -37,6 +37,8 @@ GITLEAKS_VERSION="8.30.1"
 GITLEAKS_SHA256="551f6fc83ea457d62a0d98237cbad105af8d557003051f41f3e7ca7b3f2470eb"
 LYCHEE_VERSION="0.24.2"
 LYCHEE_SHA256="1f4e0ef7f6554a6ed33dd7ac144fb2e1bbed98598e7af973042fc5cd43951c9a"
+UV_VERSION="0.11.14"
+UV_SHA256="f3b623eb0e6141a7053d571d59a0bdc341e0f238ea8f5f0b4815ddbec9a2a296"
 
 # ---------------------------------------------------------------------------
 # Setup
@@ -133,7 +135,24 @@ if ! command -v lychee >/dev/null 2>&1; then
 fi
 
 # ---------------------------------------------------------------------------
-# 5. Authoritative pre-commit check
+# 5. Install uv and uvx (for pre-commit Python tooling)
+# ---------------------------------------------------------------------------
+if ! command -v uvx >/dev/null 2>&1; then
+  echo "Installing uv v${UV_VERSION} (includes uvx)..."
+  mkdir -p "${HOME}/.local/bin"
+  curl -fsSL \
+    "https://github.com/astral-sh/uv/releases/download/${UV_VERSION}/uv-x86_64-unknown-linux-gnu.tar.gz" \
+    -o /tmp/uv.tar.gz \
+    && echo "${UV_SHA256}  /tmp/uv.tar.gz" | sha256sum -c - \
+    && tar xzf /tmp/uv.tar.gz -C /tmp \
+    && mv /tmp/uv-x86_64-unknown-linux-gnu/uv "${HOME}/.local/bin/" \
+    && mv /tmp/uv-x86_64-unknown-linux-gnu/uvx "${HOME}/.local/bin/" \
+    && rm -rf /tmp/uv.tar.gz /tmp/uv-x86_64-unknown-linux-gnu
+  export PATH="${HOME}/.local/bin:${PATH}"
+fi
+
+# ---------------------------------------------------------------------------
+# 6. Authoritative pre-commit check
 # ---------------------------------------------------------------------------
 if [ -f .pre-commit-config.yaml ]; then
   echo "Running authoritative pre-commit on agent's changed files..."
@@ -165,7 +184,7 @@ else
 fi
 
 # ---------------------------------------------------------------------------
-# 6. Push branch
+# 7. Push branch
 # ---------------------------------------------------------------------------
 git remote set-url origin \
   "https://x-access-token:${PUSH_TOKEN}@github.com/${REPO_FULL_NAME}.git"
@@ -174,7 +193,7 @@ echo "Pushing branch ${BRANCH}..."
 git push --force-with-lease -u origin -- "${BRANCH}" 2>&1
 
 # ---------------------------------------------------------------------------
-# 7. Create PR
+# 8. Create PR
 # ---------------------------------------------------------------------------
 export GH_TOKEN="${PUSH_TOKEN}"
 
diff --git a/internal/scaffold/fullsend-repo/scripts/post-fix.sh b/internal/scaffold/fullsend-repo/scripts/post-fix.sh
index c3a28c338..222f75afa 100644
--- a/internal/scaffold/fullsend-repo/scripts/post-fix.sh
+++ b/internal/scaffold/fullsend-repo/scripts/post-fix.sh
@@ -60,6 +60,8 @@ GITLEAKS_VERSION="8.30.1"
 GITLEAKS_SHA256="551f6fc83ea457d62a0d98237cbad105af8d557003051f41f3e7ca7b3f2470eb"
 LYCHEE_VERSION="0.24.2"
 LYCHEE_SHA256="1f4e0ef7f6554a6ed33dd7ac144fb2e1bbed98598e7af973042fc5cd43951c9a"
+UV_VERSION="0.11.14"
+UV_SHA256="f3b623eb0e6141a7053d571d59a0bdc341e0f238ea8f5f0b4815ddbec9a2a296"
 
 # ---------------------------------------------------------------------------
 # Setup
@@ -170,7 +172,24 @@ if ! command -v lychee >/dev/null 2>&1; then
 fi
 
 # ---------------------------------------------------------------------------
-# 4. Authoritative pre-commit check (only if pushing)
+# 4. Install uv and uvx (for pre-commit Python tooling)
+# ---------------------------------------------------------------------------
+if ! command -v uvx >/dev/null 2>&1; then
+  echo "Installing uv v${UV_VERSION} (includes uvx)..."
+  mkdir -p "${HOME}/.local/bin"
+  curl -fsSL \
+    "https://github.com/astral-sh/uv/releases/download/${UV_VERSION}/uv-x86_64-unknown-linux-gnu.tar.gz" \
+    -o /tmp/uv.tar.gz \
+    && echo "${UV_SHA256}  /tmp/uv.tar.gz" | sha256sum -c - \
+    && tar xzf /tmp/uv.tar.gz -C /tmp \
+    && mv /tmp/uv-x86_64-unknown-linux-gnu/uv "${HOME}/.local/bin/" \
+    && mv /tmp/uv-x86_64-unknown-linux-gnu/uvx "${HOME}/.local/bin/" \
+    && rm -rf /tmp/uv.tar.gz /tmp/uv-x86_64-unknown-linux-gnu
+  export PATH="${HOME}/.local/bin:${PATH}"
+fi
+
+# ---------------------------------------------------------------------------
+# 5. Authoritative pre-commit check (only if pushing)
 # ---------------------------------------------------------------------------
 if [ "${NO_PUSH}" = "false" ] && [ -f .pre-commit-config.yaml ]; then
   echo "Running authoritative pre-commit on agent's changed files..."
@@ -196,7 +215,7 @@ if [ "${NO_PUSH}" = "false" ] && [ -f .pre-commit-config.yaml ]; then
 fi
 
 # ---------------------------------------------------------------------------
-# 5. Push branch (only if we have commits)
+# 6. Push branch (only if we have commits)
 # ---------------------------------------------------------------------------
 if [ "${NO_PUSH}" = "false" ]; then
   git remote set-url origin \
@@ -212,7 +231,7 @@ if [ "${NO_PUSH}" = "false" ]; then
 fi
 
 # ---------------------------------------------------------------------------
-# 6. Process structured output (fix-result.json)
+# 7. Process structured output (fix-result.json)
 # ---------------------------------------------------------------------------
 export GH_TOKEN="${PUSH_TOKEN}"