chore(docs): consolidate docs deps onto uv-managed requirements.in/requirements.txt lockfile

[isaacbmiller]

Summary

The docs build was using docs/requirements.txt (loose, mostly unpinned) while docs/Pipfile + docs/Pipfile.lock lived next to it but were never installed by CI or referenced anywhere in the repo. Dependabot's pip ecosystem at /docs saw both file groups and treated them as independent update streams, which produced duplicate PRs and silent drift between the two lists (e.g. urllib3 was bumped to 2.6.3 in requirements.txt while Pipfile still pinned 1.26.6, mkdocs-llmstxt is >=0.5.0 in requirements.txt and unpinned in Pipfile, and several requirements.txt-only bumps were never reflected in Pipfile.lock).

This PR consolidates onto a single, reproducible lockfile flow that aligns with how the rest of the repo already manages Python deps (uv).

Changes

• Delete the unused docs/Pipfile and docs/Pipfile.lock.
• Introduce docs/requirements.in with the loose top-level constraints (this is the file that was previously docs/requirements.txt).
• Regenerate docs/requirements.txt as a real lockfile via uv pip compile, pinning every transitive dependency.
• Switch the dependabot entry for /docs from package-ecosystem: "pip" to package-ecosystem: "uv" in .github/dependabot.yml.
• Update docs/README.md with the uv pip compile regeneration command.

CI is unchanged — .github/workflows/docs-push.yml already runs pip install -r requirements.txt, which now pulls a fully locked dependency set, making docs builds reproducible.

Dependabot uv ecosystem support

GitHub announced general availability of dependabot's uv ecosystem on 2025-03-13: https://github.blog/changelog/2025-03-13-dependabot-version-updates-now-support-uv-in-general-availability/. The implementation lives in dependabot/dependabot-core under uv/, and its FileFetcher (uv/lib/dependabot/uv/file_fetcher.rb) explicitly accepts the requirements.in + requirements.txt (uv pip compile) layout:

REQUIREMENT_FILE_PATTERNS = T.let(
  {
    extensions: [".txt", ".in"],
    filenames: ["uv.lock"]
  }.freeze,
  ...
)

def self.required_files_message
  "Repo must contain a requirements.txt, uv.lock, requirements.in, or pyproject.toml"
end

It also has a requirements_in_file_matcher.compiled_file? check that pairs *.in source files with their *.txt compiled outputs, so dependabot will edit requirements.in and re-run uv to regenerate requirements.txt in the same PR.

Verification

• Repo-wide search confirms nothing references Pipfile / pipenv outside docs/Pipfile.lock itself.
• uv pip compile docs/requirements.in -o docs/requirements.txt --python-version 3.10 reproduces the committed lockfile.
• .github/workflows/docs-push.yml and docs/README.md install with pip install -r requirements.txt, which still works.

[greptile-apps]

Greptile Summary

This PR consolidates the docs dependency management by removing the orphaned docs/Pipfile + docs/Pipfile.lock (never referenced by CI) and replacing the old loose docs/requirements.txt with a proper requirements.in (top-level constraints) + fully-pinned requirements.txt lockfile generated via uv pip compile. The Dependabot entry for /docs is updated to the uv ecosystem to match, eliminating duplicate update PRs and version drift between the two previously independent file groups. CI is unaffected — docs-push.yml already installs via pip install -r requirements.txt.

Confidence Score: 5/5

Safe to merge — purely a dependency management housekeeping change with no logic modifications.

All changes are in docs infrastructure files (dependency declarations, dependabot config, README). The CI workflow is unchanged and continues to work with pip install -r requirements.txt. No P0 or P1 findings were identified.

No files require special attention.

Important Files Changed

Filename	Overview
.github/dependabot.yml	Switches the /docs entry from package-ecosystem: pip to uv, aligning it with the root entry and the new requirements.in + requirements.txt layout.
docs/requirements.in	New top-level constraints file replacing the old loose requirements.txt; carries over all deps from the deleted Pipfile minus the stale urllib3==1.26.6 pin.
docs/requirements.txt	Replaced with a fully-pinned uv pip compile lockfile; CI installs this unchanged via pip install -r requirements.txt, making builds reproducible.
docs/README.md	Adds a clear note explaining that requirements.txt is a uv-generated lockfile and documents the manual regeneration command.
docs/Pipfile	Deleted — was never installed by CI or referenced anywhere outside of Pipfile.lock itself.
docs/Pipfile.lock	Deleted — 3137-line lockfile that was entirely orphaned; no workflow or script referenced it.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[requirements.in\nloose top-level constraints] -->|uv pip compile\n--python-version 3.10| B[requirements.txt\nfully-pinned lockfile]
    B -->|pip install -r requirements.txt| C[docs-push.yml CI\nbuild-test job]
    C --> D[mkdocs build]
    E[dependabot.yml\npackage-ecosystem: uv\ndirectory: /docs] -->|weekly schedule| A
    E -->|Dependabot edits .in\nand regenerates .txt| B

Loading

_{Reviews (5): Last reviewed commit: "chore(docs): switch dependabot to uv eco..." | Re-trigger Greptile}