Split CI into independent per-platform workflows

Each platform (Linux, macOS, Windows) now has its own workflow file
that builds the sidecar, builds the Tauri app, and uploads to a shared
"latest" release independently. A failure on one platform no longer
blocks releases for the others.

- build-linux.yml: bash throughout, apt for deps
- build-macos.yml: bash throughout, brew for deps
- build-windows.yml: powershell throughout, choco for deps
- All use uv for Python, upload to shared "latest" release tag
- Each platform replaces its own artifacts on the release

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.gitea/workflows/build-linux.yml

@@ -0,0 +1,155 @@
+name: Build Linux
+
+on:
+  push:
+    branches: [main]
+    tags: ["v*"]
+  pull_request:
+    branches: [main]
+
+env:
+  PYTHON_VERSION: "3.11"
+  NODE_VERSION: "20"
+  TARGET: x86_64-unknown-linux-gnu
+
+jobs:
+  build-sidecar:
+    name: Build sidecar (Linux)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install uv
+        run: |
+          if command -v uv &> /dev/null; then
+            echo "uv already installed: $(uv --version)"
+          else
+            curl -LsSf https://astral.sh/uv/install.sh | sh
+            echo "$HOME/.local/bin" >> $GITHUB_PATH
+          fi
+
+      - name: Install ffmpeg
+        run: sudo apt-get update && sudo apt-get install -y ffmpeg
+
+      - name: Set up Python
+        run: uv python install ${{ env.PYTHON_VERSION }}
+
+      - name: Build sidecar
+        working-directory: python
+        run: uv run --python ${{ env.PYTHON_VERSION }} python build_sidecar.py --cpu-only
+
+      - name: Upload sidecar artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: sidecar-linux
+          path: python/dist/voice-to-notes-sidecar/
+          retention-days: 7
+
+  build-app:
+    name: Build app (Linux)
+    needs: build-sidecar
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+
+      - name: Install Rust stable
+        run: |
+          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable
+          echo "$HOME/.cargo/bin" >> $GITHUB_PATH
+
+      - name: Install system dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf xdg-utils
+
+      - name: Download sidecar artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: sidecar-linux
+          path: src-tauri/binaries/
+
+      - name: Make sidecar executable
+        run: chmod +x src-tauri/binaries/voice-to-notes-sidecar-${{ env.TARGET }}
+
+      - name: Install npm dependencies
+        run: npm ci
+
+      - name: Build Tauri app
+        run: npm run tauri build
+        env:
+          TAURI_CONFIG: '{"bundle":{"externalBin":["binaries/voice-to-notes-sidecar"]}}'
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v3
+        with:
+          name: app-linux
+          path: |
+            src-tauri/target/release/bundle/deb/*.deb
+            src-tauri/target/release/bundle/appimage/*.AppImage
+          retention-days: 30
+
+  release:
+    name: Release (Linux)
+    needs: build-app
+    if: github.ref == 'refs/heads/main'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install tools
+        run: sudo apt-get update && sudo apt-get install -y jq curl
+
+      - name: Download artifacts
+        uses: actions/download-artifact@v3
+        with:
+          name: app-linux
+          path: artifacts/
+
+      - name: Create or update release
+        env:
+          BUILD_TOKEN: ${{ secrets.BUILD_TOKEN }}
+        run: |
+          TAG="latest"
+          REPO_API="${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}"
+
+          # Check if release exists
+          RELEASE_ID=$(curl -s -H "Authorization: token ${BUILD_TOKEN}" \
+            "${REPO_API}/releases/tags/${TAG}" | jq -r '.id // empty')
+
+          if [ -z "${RELEASE_ID}" ]; then
+            # Create new release
+            RELEASE_ID=$(curl -s -X POST \
+              -H "Authorization: token ${BUILD_TOKEN}" \
+              -H "Content-Type: application/json" \
+              -d "{\"tag_name\": \"${TAG}\", \"name\": \"Voice to Notes (Latest Build)\", \"body\": \"Latest automated build from main branch.\", \"draft\": false, \"prerelease\": true}" \
+              "${REPO_API}/releases" | jq -r '.id')
+          fi
+
+          echo "Release ID: ${RELEASE_ID}"
+          if [ "${RELEASE_ID}" = "null" ] || [ -z "${RELEASE_ID}" ]; then
+            echo "ERROR: Failed to create/find release."
+            exit 1
+          fi
+
+          # Upload artifacts (delete existing ones with same name first)
+          find artifacts/ -type f \( -name "*.deb" -o -name "*.AppImage" \) | while read file; do
+            filename=$(basename "$file")
+            echo "Uploading ${filename}..."
+
+            # Delete existing asset with same name
+            ASSET_ID=$(curl -s -H "Authorization: token ${BUILD_TOKEN}" \
+              "${REPO_API}/releases/${RELEASE_ID}/assets" | jq -r ".[] | select(.name == \"${filename}\") | .id // empty")
+            if [ -n "${ASSET_ID}" ]; then
+              curl -s -X DELETE -H "Authorization: token ${BUILD_TOKEN}" \
+                "${REPO_API}/releases/${RELEASE_ID}/assets/${ASSET_ID}"
+            fi
+
+            curl -s -X POST \
+              -H "Authorization: token ${BUILD_TOKEN}" \
+              -H "Content-Type: application/octet-stream" \
+              --data-binary "@${file}" \
+              "${REPO_API}/releases/${RELEASE_ID}/assets?name=${filename}"
+          done

.gitea/workflows/build-macos.yml

@@ -0,0 +1,147 @@
+name: Build macOS
+
+on:
+  push:
+    branches: [main]
+    tags: ["v*"]
+  pull_request:
+    branches: [main]
+
+env:
+  PYTHON_VERSION: "3.11"
+  NODE_VERSION: "20"
+  TARGET: aarch64-apple-darwin
+
+jobs:
+  build-sidecar:
+    name: Build sidecar (macOS)
+    runs-on: macos-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install uv
+        run: |
+          if command -v uv &> /dev/null; then
+            echo "uv already installed: $(uv --version)"
+          else
+            curl -LsSf https://astral.sh/uv/install.sh | sh
+            echo "$HOME/.local/bin" >> $GITHUB_PATH
+          fi
+
+      - name: Install ffmpeg
+        run: brew install ffmpeg
+
+      - name: Set up Python
+        run: uv python install ${{ env.PYTHON_VERSION }}
+
+      - name: Build sidecar
+        working-directory: python
+        run: uv run --python ${{ env.PYTHON_VERSION }} python build_sidecar.py --cpu-only
+
+      - name: Upload sidecar artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: sidecar-macos
+          path: python/dist/voice-to-notes-sidecar/
+          retention-days: 7
+
+  build-app:
+    name: Build app (macOS)
+    needs: build-sidecar
+    runs-on: macos-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+
+      - name: Install Rust stable
+        run: |
+          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable
+          echo "$HOME/.cargo/bin" >> $GITHUB_PATH
+
+      - name: Install system dependencies
+        run: brew install --quiet create-dmg || true
+
+      - name: Download sidecar artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: sidecar-macos
+          path: src-tauri/binaries/
+
+      - name: Make sidecar executable
+        run: chmod +x src-tauri/binaries/voice-to-notes-sidecar-${{ env.TARGET }}
+
+      - name: Install npm dependencies
+        run: npm ci
+
+      - name: Build Tauri app
+        run: npm run tauri build
+        env:
+          TAURI_CONFIG: '{"bundle":{"externalBin":["binaries/voice-to-notes-sidecar"]}}'
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v3
+        with:
+          name: app-macos
+          path: |
+            src-tauri/target/release/bundle/dmg/*.dmg
+            src-tauri/target/release/bundle/macos/*.app
+          retention-days: 30
+
+  release:
+    name: Release (macOS)
+    needs: build-app
+    if: github.ref == 'refs/heads/main'
+    runs-on: macos-latest
+    steps:
+      - name: Download artifacts
+        uses: actions/download-artifact@v3
+        with:
+          name: app-macos
+          path: artifacts/
+
+      - name: Create or update release
+        env:
+          BUILD_TOKEN: ${{ secrets.BUILD_TOKEN }}
+        run: |
+          TAG="latest"
+          REPO_API="${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}"
+
+          # Check if release exists
+          RELEASE_ID=$(curl -s -H "Authorization: token ${BUILD_TOKEN}" \
+            "${REPO_API}/releases/tags/${TAG}" | jq -r '.id // empty')
+
+          if [ -z "${RELEASE_ID}" ]; then
+            RELEASE_ID=$(curl -s -X POST \
+              -H "Authorization: token ${BUILD_TOKEN}" \
+              -H "Content-Type: application/json" \
+              -d "{\"tag_name\": \"${TAG}\", \"name\": \"Voice to Notes (Latest Build)\", \"body\": \"Latest automated build from main branch.\", \"draft\": false, \"prerelease\": true}" \
+              "${REPO_API}/releases" | jq -r '.id')
+          fi
+
+          echo "Release ID: ${RELEASE_ID}"
+          if [ "${RELEASE_ID}" = "null" ] || [ -z "${RELEASE_ID}" ]; then
+            echo "ERROR: Failed to create/find release."
+            exit 1
+          fi
+
+          find artifacts/ -type f -name "*.dmg" | while read file; do
+            filename=$(basename "$file")
+            echo "Uploading ${filename}..."
+
+            ASSET_ID=$(curl -s -H "Authorization: token ${BUILD_TOKEN}" \
+              "${REPO_API}/releases/${RELEASE_ID}/assets" | jq -r ".[] | select(.name == \"${filename}\") | .id // empty")
+            if [ -n "${ASSET_ID}" ]; then
+              curl -s -X DELETE -H "Authorization: token ${BUILD_TOKEN}" \
+                "${REPO_API}/releases/${RELEASE_ID}/assets/${ASSET_ID}"
+            fi
+
+            curl -s -X POST \
+              -H "Authorization: token ${BUILD_TOKEN}" \
+              -H "Content-Type: application/octet-stream" \
+              --data-binary "@${file}" \
+              "${REPO_API}/releases/${RELEASE_ID}/assets?name=${filename}"
+          done

.gitea/workflows/build-windows.yml

@@ -0,0 +1,158 @@
+name: Build Windows
+
+on:
+  push:
+    branches: [main]
+    tags: ["v*"]
+  pull_request:
+    branches: [main]
+
+env:
+  PYTHON_VERSION: "3.11"
+  NODE_VERSION: "20"
+  TARGET: x86_64-pc-windows-msvc
+
+jobs:
+  build-sidecar:
+    name: Build sidecar (Windows)
+    runs-on: windows-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install uv
+        shell: powershell
+        run: |
+          if (Get-Command uv -ErrorAction SilentlyContinue) {
+            Write-Host "uv already installed: $(uv --version)"
+          } else {
+            irm https://astral.sh/uv/install.ps1 | iex
+            echo "$env:USERPROFILE\.local\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+          }
+
+      - name: Install ffmpeg
+        shell: powershell
+        run: choco install ffmpeg -y
+
+      - name: Set up Python
+        shell: powershell
+        run: uv python install ${{ env.PYTHON_VERSION }}
+
+      - name: Build sidecar
+        shell: powershell
+        working-directory: python
+        run: uv run --python ${{ env.PYTHON_VERSION }} python build_sidecar.py --cpu-only
+
+      - name: Upload sidecar artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: sidecar-windows
+          path: python/dist/voice-to-notes-sidecar/
+          retention-days: 7
+
+  build-app:
+    name: Build app (Windows)
+    needs: build-sidecar
+    runs-on: windows-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+
+      - name: Install Rust stable
+        shell: powershell
+        run: |
+          if (Get-Command rustup -ErrorAction SilentlyContinue) {
+            rustup default stable
+          } else {
+            Invoke-WebRequest -Uri https://win.rustup.rs/x86_64 -OutFile rustup-init.exe
+            .\rustup-init.exe -y --default-toolchain stable
+            echo "$env:USERPROFILE\.cargo\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+          }
+
+      - name: Download sidecar artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: sidecar-windows
+          path: src-tauri/binaries/
+
+      - name: Install npm dependencies
+        shell: powershell
+        run: npm ci
+
+      - name: Build Tauri app
+        shell: powershell
+        run: npm run tauri build
+        env:
+          TAURI_CONFIG: '{"bundle":{"externalBin":["binaries/voice-to-notes-sidecar"]}}'
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v3
+        with:
+          name: app-windows
+          path: |
+            src-tauri/target/release/bundle/msi/*.msi
+            src-tauri/target/release/bundle/nsis/*.exe
+          retention-days: 30
+
+  release:
+    name: Release (Windows)
+    needs: build-app
+    if: github.ref == 'refs/heads/main'
+    runs-on: windows-latest
+    steps:
+      - name: Download artifacts
+        uses: actions/download-artifact@v3
+        with:
+          name: app-windows
+          path: artifacts/
+
+      - name: Create or update release
+        shell: powershell
+        env:
+          BUILD_TOKEN: ${{ secrets.BUILD_TOKEN }}
+        run: |
+          $TAG = "latest"
+          $REPO_API = "${{ github.server_url }}/api/v1/repos/${{ github.repository }}"
+          $Headers = @{ "Authorization" = "token $env:BUILD_TOKEN" }
+
+          # Check if release exists
+          try {
+            $release = Invoke-RestMethod -Uri "${REPO_API}/releases/tags/${TAG}" -Headers $Headers -ErrorAction Stop
+            $RELEASE_ID = $release.id
+          } catch {
+            # Create new release
+            $body = @{
+              tag_name = $TAG
+              name = "Voice to Notes (Latest Build)"
+              body = "Latest automated build from main branch."
+              draft = $false
+              prerelease = $true
+            } | ConvertTo-Json
+            $release = Invoke-RestMethod -Uri "${REPO_API}/releases" -Method Post -Headers $Headers -ContentType "application/json" -Body $body
+            $RELEASE_ID = $release.id
+          }
+
+          Write-Host "Release ID: ${RELEASE_ID}"
+
+          # Upload artifacts
+          Get-ChildItem -Path artifacts -Recurse -Include *.msi,*.exe | ForEach-Object {
+            $filename = $_.Name
+            Write-Host "Uploading ${filename}..."
+
+            # Delete existing asset with same name
+            try {
+              $assets = Invoke-RestMethod -Uri "${REPO_API}/releases/${RELEASE_ID}/assets" -Headers $Headers
+              $existing = $assets | Where-Object { $_.name -eq $filename }
+              if ($existing) {
+                Invoke-RestMethod -Uri "${REPO_API}/releases/${RELEASE_ID}/assets/$($existing.id)" -Method Delete -Headers $Headers
+              }
+            } catch {}
+
+            # Upload
+            Invoke-RestMethod -Uri "${REPO_API}/releases/${RELEASE_ID}/assets?name=${filename}" `
+              -Method Post -Headers $Headers -ContentType "application/octet-stream" `
+              -InFile $_.FullName
+          }

.gitea/workflows/build.yml

@@ -1,195 +0,0 @@
-name: Build & Release
-
-on:
-  push:
-    branches: [main]
-    tags: ["v*"]
-  pull_request:
-    branches: [main]
-
-env:
-  PYTHON_VERSION: "3.11"
-  NODE_VERSION: "20"
-
-jobs:
-  build-sidecar:
-    name: Build sidecar (${{ matrix.target }})
-    runs-on: ${{ matrix.runner }}
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - runner: ubuntu-latest
-            target: x86_64-unknown-linux-gnu
-            platform: linux
-          - runner: windows-latest
-            target: x86_64-pc-windows-msvc
-            platform: windows
-          - runner: macos-latest
-            target: aarch64-apple-darwin
-            platform: macos
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: ${{ env.PYTHON_VERSION }}
-        env:
-          AGENT_TOOLSDIRECTORY: ${{ runner.temp }}/toolcache
-
-      - name: Install Python build tools
-        run: python -m pip install --upgrade pip setuptools wheel
-
-      - name: Build sidecar
-        working-directory: python
-        run: python build_sidecar.py --cpu-only
-
-      - name: Upload sidecar artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: sidecar-${{ matrix.target }}
-          path: python/dist/voice-to-notes-sidecar/
-          retention-days: 7
-
-  build-tauri:
-    name: Build app (${{ matrix.target }})
-    needs: build-sidecar
-    runs-on: ${{ matrix.runner }}
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - runner: ubuntu-latest
-            target: x86_64-unknown-linux-gnu
-            platform: linux
-          - runner: windows-latest
-            target: x86_64-pc-windows-msvc
-            platform: windows
-          - runner: macos-latest
-            target: aarch64-apple-darwin
-            platform: macos
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ env.NODE_VERSION }}
-
-      - name: Install Rust stable
-        uses: dtolnay/rust-toolchain@stable
-
-      - name: Install system dependencies (Linux)
-        if: matrix.platform == 'linux'
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf
-
-      - name: Install system dependencies (macOS)
-        if: matrix.platform == 'macos'
-        run: |
-          brew install --quiet create-dmg || true
-
-      - name: Download sidecar artifact
-        uses: actions/download-artifact@v3
-        with:
-          name: sidecar-${{ matrix.target }}
-          path: src-tauri/binaries/
-
-      - name: Make sidecar executable (Unix)
-        if: matrix.platform != 'windows'
-        run: chmod +x src-tauri/binaries/voice-to-notes-sidecar-${{ matrix.target }}
-
-      - name: Install npm dependencies
-        run: npm ci
-
-      - name: Build Tauri app
-        run: npm run tauri build
-        env:
-          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
-          TAURI_CONFIG: '{"bundle":{"externalBin":["binaries/voice-to-notes-sidecar"]}}'
-
-      - name: Upload app artifacts (Linux)
-        if: matrix.platform == 'linux'
-        uses: actions/upload-artifact@v3
-        with:
-          name: app-${{ matrix.target }}
-          path: |
-            src-tauri/target/release/bundle/deb/*.deb
-            src-tauri/target/release/bundle/appimage/*.AppImage
-          retention-days: 30
-
-      - name: Upload app artifacts (Windows)
-        if: matrix.platform == 'windows'
-        uses: actions/upload-artifact@v3
-        with:
-          name: app-${{ matrix.target }}
-          path: |
-            src-tauri/target/release/bundle/msi/*.msi
-            src-tauri/target/release/bundle/nsis/*.exe
-          retention-days: 30
-
-      - name: Upload app artifacts (macOS)
-        if: matrix.platform == 'macos'
-        uses: actions/upload-artifact@v3
-        with:
-          name: app-${{ matrix.target }}
-          path: |
-            src-tauri/target/release/bundle/dmg/*.dmg
-            src-tauri/target/release/bundle/macos/*.app
-          retention-days: 30
-
-  release:
-    name: Create Release
-    needs: build-tauri
-    if: github.ref == 'refs/heads/main'
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Install required tools
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y jq curl
-
-      - name: Download all app artifacts
-        uses: actions/download-artifact@v3
-        with:
-          path: artifacts/
-
-      - name: Generate release tag
-        id: tag
-        run: echo "tag=build-$(date +%Y%m%d-%H%M%S)" >> $GITHUB_OUTPUT
-
-      - name: Create release
-        env:
-          BUILD_TOKEN: ${{ secrets.BUILD_TOKEN }}
-          TAG: ${{ steps.tag.outputs.tag }}
-        run: |
-          # Create the release
-          RELEASE_ID=$(curl -s -X POST \
-            -H "Authorization: token ${BUILD_TOKEN}" \
-            -H "Content-Type: application/json" \
-            -d "{\"tag_name\": \"${TAG}\", \"name\": \"Voice to Notes ${TAG}\", \"body\": \"Automated build from main branch.\", \"draft\": false, \"prerelease\": true}" \
-            "${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/releases" | jq -r '.id')
-
-          echo "Release ID: ${RELEASE_ID}"
-
-          if [ "${RELEASE_ID}" = "null" ] || [ -z "${RELEASE_ID}" ]; then
-            echo "ERROR: Failed to create release. Check BUILD_TOKEN permissions."
-            exit 1
-          fi
-
-          # Upload all artifacts
-          find artifacts/ -type f \( -name "*.deb" -o -name "*.AppImage" -o -name "*.msi" -o -name "*.exe" -o -name "*.dmg" \) | while read file; do
-            filename=$(basename "$file")
-            echo "Uploading ${filename}..."
-            curl -s -X POST \
-              -H "Authorization: token ${BUILD_TOKEN}" \
-              -H "Content-Type: application/octet-stream" \
-              --data-binary "@${file}" \
-              "${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/releases/${RELEASE_ID}/assets?name=${filename}"
-          done

python/build_sidecar.py

@@ -59,42 +59,72 @@ def get_target_triple() -> str:
         return f"{arch}-unknown-{system}"
 
 
+def _has_uv() -> bool:
+    """Check if uv is available."""
+    try:
+        subprocess.run(["uv", "--version"], capture_output=True, check=True)
+        return True
+    except (FileNotFoundError, subprocess.CalledProcessError):
+        return False
+
+
 def create_venv_and_install(cpu_only: bool) -> Path:
-    """Create a fresh venv and install dependencies."""
+    """Create a fresh venv and install dependencies.
+
+    Uses uv if available (much faster), falls back to standard venv + pip.
+    """
     venv_dir = BUILD_DIR / "sidecar-venv"
     if venv_dir.exists():
         shutil.rmtree(venv_dir)
 
-    print(f"[build] Creating venv at {venv_dir}")
-    subprocess.run([sys.executable, "-m", "venv", str(venv_dir)], check=True)
+    use_uv = _has_uv()
 
-    # Determine python path inside venv — use `python -m pip` instead of
-    # calling pip directly to avoid permission errors on Windows
+    if use_uv:
+        print(f"[build] Creating venv with uv at {venv_dir}")
+        subprocess.run(
+            ["uv", "venv", "--python", f"{sys.version_info.major}.{sys.version_info.minor}",
+             str(venv_dir)],
+            check=True,
+        )
+    else:
+        print(f"[build] Creating venv at {venv_dir}")
+        subprocess.run([sys.executable, "-m", "venv", str(venv_dir)], check=True)
+
+    # Determine python path inside venv
     if sys.platform == "win32":
-        python = str(venv_dir / "Scripts" / "python")
+        python = str(venv_dir / "Scripts" / "python.exe")
     else:
         python = str(venv_dir / "bin" / "python")
 
     def pip_install(*args: str) -> None:
-        subprocess.run([python, "-m", "pip", *args], check=True)
+        """Install packages. Pass package names and flags only, not 'install'."""
+        if use_uv:
+            # Use --python with the venv directory (not the python binary) for uv
+            subprocess.run(
+                ["uv", "pip", "install", "--python", str(venv_dir), *args],
+                check=True,
+            )
+        else:
+            subprocess.run([python, "-m", "pip", "install", *args], check=True)
 
-    # Upgrade pip
-    pip_install("install", "--upgrade", "pip", "setuptools", "wheel")
+    if not use_uv:
+        # Upgrade pip (uv doesn't need this)
+        pip_install("--upgrade", "pip", "setuptools", "wheel")
 
     # Install torch (CPU-only to avoid bundling ~2GB of CUDA libs)
     if cpu_only:
         print("[build] Installing PyTorch (CPU-only)")
         pip_install(
-            "install", "torch", "torchaudio",
+            "torch", "torchaudio",
             "--index-url", "https://download.pytorch.org/whl/cpu",
         )
     else:
         print("[build] Installing PyTorch (default, may include CUDA)")
-        pip_install("install", "torch", "torchaudio")
+        pip_install("torch", "torchaudio")
 
     # Install project and dev deps (includes pyinstaller)
     print("[build] Installing project dependencies")
-    pip_install("install", "-e", f"{SCRIPT_DIR}[dev]")
+    pip_install("-e", f"{SCRIPT_DIR}[dev]")
 
     return Path(python)