fix: introduce uv-lock in ci.yml

Author: sercancicek

.github/workflows/ci.yml

@@ -9,16 +9,12 @@ on:
     branches:
       - master
 
-  workflow_run: # chain from the uv-lock workflow
-    workflows: ["uv.lock on Dependabot PRs"]
-    types: [completed]
+permissions:
+  contents: write
+  pull-requests: write
 
 jobs:
   build:
-    # Only run if not a Dependabot PR, or once uv-lock has completed successfully
-    if: |
-      github.event_name == 'workflow_run' ||
-      github.actor != 'dependabot[bot]'
     runs-on: ubuntu-latest
     strategy:
       matrix:
@@ -30,6 +26,20 @@ jobs:
         uses: astral-sh/setup-uv@v6
         with:
           python-version: ${{ matrix.python }}
+      # refresh lock only for Dependabot PRs
+      - name: Refresh uv.lock (Dependabot only)
+        if: |
+          github.event_name == 'pull_request' &&
+          github.actor == 'dependabot[bot]'
+        run: |
+          uv lock
+          if ! git diff --quiet -- uv.lock; then
+            git config user.name "github-actions[bot]"
+            git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+            git add uv.lock
+            git commit -m "chore: refresh uv.lock"
+            git push || echo "push skipped (no perms)"
+          fi
       - name: Install dependencies
         run: |
           uv sync --locked --only-dev