Ignore group completely when resolving depencencies.

[fizcris]

Summary

If we have a project.toml like:

[project]
name = "example"
version = "1.0.0"
description = "desccription"
readme = "README.md"
requires-python = ">=3.12"
dependencies = [
    "matplotlib>=3.10.0",
    "pandas>=2.2.3",
]

[dependency-groups]
internal = [
    "my-app-1">=1.0.0",
    "my-app-2">=2.0.0",
]

[tool.uv.sources]
my-app-1 = { index = "internalRepo"}
my-app-2 = { index = "internalRepo2"}

[[tool.uv.index]]
name = "internalRepo"
url = "https://my-internal-repo.com/simple"
explicit = true

[[tool.uv.index]]
name = "internalRepo2"
url = "https://my-internal-repo2.com/simple"
explicit = true

If in the moment we are solving dependencies there is access to the private repositories it will fail and there is no way to exclude the internal group.

So the following command will fail uv sync --no-group internal. And there is no known way to completely exclude the internal group from dep resolution.

Example

No response

[zanieb]

No, there's no way to exclude a group from the resolution at this time. If you did, it wouldn't be installable. What's the use-case for not having access to the index?

[fizcris]

That is ok if it is not installable.

If the index is a private repository and the app can only be installed when there is access to that repository, hence if you only need that library for some parts of the code you would have to install them manually when required.

The app could partially work without those libraries when it does not have access but is not able to resolve the deps hence renders the uv unusable and needs manual installation of the libraries.

[zanieb]

hence if you only need that library for some parts of the code you would have to install them manually when required.

How would you install these?

Why include them in [dependency-groups] if they can't actually be installed?

Why not generate the lockfile with access to the private index? You can still do partial installs later without access to the index.

[T-256]

Same as #10201.

I'm thinking of two possible solutions for this (if we want to support such situations...):

First, similar to #11064 but, instead, destruct uv.lock into per-group files (e.g. internal.uv.lock).

Second, it could lazy solving dependency for specified indexes:

[tool.uv.sources]
my-app-1 = { index = "internalRepo"}

[[tool.uv.index]]
name = "internalRepo"
url = "https://my-internal-repo.com/simple"
explicit = true
lazy = true

I don't know how much this is possible, via this option, dependencies with lazy indexes are not resolved in lockfile but when actually requested for install (e.g. uv sync --group internal).

[fizcris]

Well image that you have private machines and public machines, you dont want to be maintaining multiple lockfiles.

[zanieb]

I don't understand why you'd need multiple lockfiles. You'd lock on the private machine and it'd be usable everywhere?

[eremeevfd]

We also found ourselves in a similar situation.
Our case is: we need the libraries from private registry only for testing, but for production build, we don't want to expose credentials for registry and have these dependencies present at all.
But it's currently impossible to install only non-private dependencies unfortunately. Maybe it's possible to disable resolver at all if it's not needed?

[zanieb]

@eremeevfd you can uv sync --frozen and skip performing a resolution.